hxxp://Accounts[.]google[.]com

Resubmissions

08/10/2024, 15:39 UTC

241008-s3nbqaxbjd 6

04/10/2024, 20:49 UTC

241004-zl1ztazenf 4

04/10/2024, 17:53 UTC

241004-wgp5zaxfpj 3

14/09/2024, 01:56 UTC

240914-ccskra1cnr 6

Analysis

max time kernel
1970s
max time network
2118s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/10/2024, 17:53 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Accounts.google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeDebugPrivilege	476	firefox.exe
Token: SeDebugPrivilege	476	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
476	firefox.exe
476	firefox.exe
476	firefox.exe
476	firefox.exe
3916	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 3952 wrote to memory of 476	3952	firefox.exe	79
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 1232	476	firefox.exe	80
PID 476 wrote to memory of 4776	476	firefox.exe	81
PID 476 wrote to memory of 4776	476	firefox.exe	81
PID 476 wrote to memory of 4776	476	firefox.exe	81
PID 476 wrote to memory of 4776	476	firefox.exe	81
PID 476 wrote to memory of 4776	476	firefox.exe	81
PID 476 wrote to memory of 4776	476	firefox.exe	81
PID 476 wrote to memory of 4776	476	firefox.exe	81
PID 476 wrote to memory of 4776	476	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://Accounts.google.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:3952
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://Accounts.google.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1327ac4e-61dd-439d-96fd-6ef0b9987415} 476 "\\.\pipe\gecko-crash-server-pipe.476" gpu
    3⤵
    PID:1232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {235e36f3-e489-45fa-b94d-add395cd81e0} 476 "\\.\pipe\gecko-crash-server-pipe.476" socket
    3⤵
    - Checks processor information in registry
    PID:4776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3140 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb31933b-3f54-4836-a070-18b6c3d3b99b} 476 "\\.\pipe\gecko-crash-server-pipe.476" tab
    3⤵
    PID:1564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -childID 2 -isForBrowser -prefsHandle 4048 -prefMapHandle 2840 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ae6aa40-79ae-4bfe-b3f9-215bf6622e14} 476 "\\.\pipe\gecko-crash-server-pipe.476" tab
    3⤵
    PID:412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4828 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4820 -prefMapHandle 4748 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1a9bf4b-cb90-4d55-be60-0752ca9a9229} 476 "\\.\pipe\gecko-crash-server-pipe.476" utility
    3⤵
    - Checks processor information in registry
    PID:3956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4464 -childID 3 -isForBrowser -prefsHandle 4504 -prefMapHandle 5252 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89681601-3628-465d-a116-4e19e39bea50} 476 "\\.\pipe\gecko-crash-server-pipe.476" tab
    3⤵
    PID:1888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 4 -isForBrowser -prefsHandle 5764 -prefMapHandle 5760 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a710ff9-db42-4807-a897-c4520ba6baf1} 476 "\\.\pipe\gecko-crash-server-pipe.476" tab
    3⤵
    PID:1404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3360 -childID 5 -isForBrowser -prefsHandle 4504 -prefMapHandle 5648 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0bdf08d-9ccb-4fc7-8088-6ad85f75823f} 476 "\\.\pipe\gecko-crash-server-pipe.476" tab
    3⤵
    PID:2176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 6 -isForBrowser -prefsHandle 6044 -prefMapHandle 6048 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d7193ad-37f0-4c58-9b55-b2e14a29f224} 476 "\\.\pipe\gecko-crash-server-pipe.476" tab
    3⤵
    PID:3228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6236 -childID 7 -isForBrowser -prefsHandle 6244 -prefMapHandle 6248 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2ea902e-685e-45bc-8535-64ec6118c4f6} 476 "\\.\pipe\gecko-crash-server-pipe.476" tab
    3⤵
    PID:4132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1356
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7ca10cb-426e-4724-b317-af7229540b3b} 3916 "\\.\pipe\gecko-crash-server-pipe.3916" gpu
    3⤵
    PID:5076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed97ba3e-c417-41d7-b88e-04d962e8db97} 3916 "\\.\pipe\gecko-crash-server-pipe.3916" socket
    3⤵
    PID:4188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 2768 -prefMapHandle 2796 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eafb0ee7-a855-4af4-86fe-d49bcd661751} 3916 "\\.\pipe\gecko-crash-server-pipe.3916" tab
    3⤵
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3536 -childID 2 -isForBrowser -prefsHandle 3768 -prefMapHandle 3764 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae7accf5-b4aa-4bb3-9980-d278e91e513e} 3916 "\\.\pipe\gecko-crash-server-pipe.3916" tab
    3⤵
    PID:1164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4272 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4168 -prefMapHandle 4296 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bb53d62-3045-4441-9d4b-94373ee2e35c} 3916 "\\.\pipe\gecko-crash-server-pipe.3916" utility
    3⤵
    - Checks processor information in registry
    PID:2020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -childID 3 -isForBrowser -prefsHandle 5200 -prefMapHandle 4224 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca9cbf09-c519-445a-a14e-0b6ea5bf5a40} 3916 "\\.\pipe\gecko-crash-server-pipe.3916" tab
    3⤵
    PID:2916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5224 -childID 4 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fd88c07-d49d-4c62-85c4-9df2a606df4b} 3916 "\\.\pipe\gecko-crash-server-pipe.3916" tab
    3⤵
    PID:4728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 5 -isForBrowser -prefsHandle 5540 -prefMapHandle 5544 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c44306a8-eb62-4e9b-9411-d4bb948553ce} 3916 "\\.\pipe\gecko-crash-server-pipe.3916" tab
    3⤵
    PID:3756

Network

DNS

accounts.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

74.125.133.84
DNS

accounts.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

74.125.133.84
DNS

accounts.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN AAAA

Response

accounts.google.com

IN AAAA

2a00:1450:400c:c07::54
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

www.gstatic.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.gstatic.com

IN A

Response

www.gstatic.com

IN A

142.250.179.227
DNS

www3.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www3.l.google.com

IN A

Response

www3.l.google.com

IN A

172.217.16.238
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:827::2004
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

23.55.161.185

a19.dscg10.akamai.net

IN A

23.55.161.211
DNS

r5---sn-aigzrn7l.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r5---sn-aigzrn7l.gvt1.com

IN A

Response

r5---sn-aigzrn7l.gvt1.com

IN CNAME

r5.sn-aigzrn7l.gvt1.com

r5.sn-aigzrn7l.gvt1.com

IN A

173.194.5.234
DNS

234.5.194.173.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

234.5.194.173.in-addr.arpa

IN PTR

Response

234.5.194.173.in-addr.arpa

IN PTR

lhr48s02-in-f101e100net
DNS

prod.classify-client.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

ctldl.windowsupdate.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

2.23.210.88

a767.dspw65.akamai.net

IN A

2.23.210.83
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

spocs.getpocket.com

firefox.exe

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

8.8.8.8.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

fonts.gstatic.com

firefox.exe

Remote address:

8.8.8.8:53

Request

fonts.gstatic.com

IN A

Response

fonts.gstatic.com

IN A

142.250.187.195
DNS

99.201.58.216.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f991e100net

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�H

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f3�H
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.187.238
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN AAAA

Response
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

172.217.16.238
DNS

185.161.55.23.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

185.161.55.23.in-addr.arpa

IN PTR

Response

185.161.55.23.in-addr.arpa

IN PTR

a23-55-161-185deploystaticakamaitechnologiescom
DNS

216.72.190.35.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

216.72.190.35.in-addr.arpa

IN PTR

Response

216.72.190.35.in-addr.arpa

IN PTR

2167219035bcgoogleusercontentcom
DNS

ocsp.digicert.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

firefox-api-proxy.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy.cdn.mozilla.net

IN A

Response

firefox-api-proxy.cdn.mozilla.net

IN CNAME

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN A

Response

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

35.86.24.102

shavar.prod.mozaws.net

IN A

44.242.117.95

shavar.prod.mozaws.net

IN A

54.70.187.236
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

84.133.125.74.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

84.133.125.74.in-addr.arpa

IN PTR

Response

84.133.125.74.in-addr.arpa

IN PTR

wo-in-f841e100net
DNS

fonts.gstatic.com

firefox.exe

Remote address:

8.8.8.8:53

Request

fonts.gstatic.com

IN A

Response

fonts.gstatic.com

IN A

142.250.187.195
DNS

46.200.250.142.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

46.200.250.142.in-addr.arpa

IN PTR

Response

46.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f141e100net
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN AAAA

Response

play.google.com

IN AAAA

2a00:1450:4009:820::200e
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

23.55.161.185

a19.dscg10.akamai.net

IN A

23.55.161.211
DNS

r5.sn-aigzrn7l.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r5.sn-aigzrn7l.gvt1.com

IN A

Response

r5.sn-aigzrn7l.gvt1.com

IN A

173.194.5.234
DNS

aus5.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

nexusrules.officeapps.live.com

firefox.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.243.30
DNS

88.210.23.2.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

88.210.23.2.in-addr.arpa

IN PTR

Response

88.210.23.2.in-addr.arpa

IN PTR

a2-23-210-88deploystaticakamaitechnologiescom
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
GET

http://accounts.google.com/

firefox.exe

Remote address:

74.125.133.84:80

Request

GET / HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response

HTTP/1.1 302 Moved Temporarily

Content-Type: text/html; charset=UTF-8
Location: https://accounts.google.com/
Content-Encoding: gzip
Date: Fri, 04 Oct 2024 17:54:20 GMT
Expires: Fri, 04 Oct 2024 17:54:20 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 195
Server: GSE
GET

https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30

firefox.exe

Remote address:

34.149.97.1:443

Request

GET /desktop/v1/recommendations?locale=en-US&region=GB&count=30 HTTP/2.0
host: firefox-api-proxy.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
consumer_key: 94110-6d5ff7a89d72c869766af0e0
if-none-match: W/"4654-T8h0+2+GIfhVBfDi+A3R4FI33/8"
te: trailers
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN A

34.107.243.93
DNS

1.97.149.34.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

1.97.149.34.in-addr.arpa

IN PTR

Response

1.97.149.34.in-addr.arpa

IN PTR

19714934bcgoogleusercontentcom
DNS

fonts.gstatic.com

firefox.exe

Remote address:

8.8.8.8:53

Request

fonts.gstatic.com

IN AAAA

Response

fonts.gstatic.com

IN AAAA

2a00:1450:4009:81f::2003
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

216.58.204.68
DNS

68.204.58.216.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

68.204.58.216.in-addr.arpa

IN PTR

Response

68.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f681e100net

68.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f4�H

68.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f4�H
DNS

aus5.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

172.217.16.238
DNS

201.181.244.35.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

prod.classify-client.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN A

Response

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
DNS

12.173.189.20.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

12.173.189.20.in-addr.arpa

IN PTR

Response
DNS

69.209.201.84.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

69.209.201.84.in-addr.arpa

IN PTR

Response
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
GET

https://accounts.google.com/

firefox.exe

Remote address:

74.125.133.84:443

Request

GET / HTTP/2.0
host: accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
GET

https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

firefox.exe

Remote address:

74.125.133.84:443

Request

GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/2.0
host: accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:IX2FB84j8pcRabi2B1trNyi0RaVqqw:NpJIr2MOjtxX5ise
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
GET

https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ARpgrqfn5tIvoW76ELRsGgp5Ns8Nm3I_235Zz--o1YA7_oTXU1fm_qQq2FcAVhX0lEGwEdpekQxL0g

firefox.exe

Remote address:

74.125.133.84:443

Request

GET /InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ARpgrqfn5tIvoW76ELRsGgp5Ns8Nm3I_235Zz--o1YA7_oTXU1fm_qQq2FcAVhX0lEGwEdpekQxL0g HTTP/2.0
host: accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:IX2FB84j8pcRabi2B1trNyi0RaVqqw:NpJIr2MOjtxX5ise
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
GET

https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1326503056&timestamp=1728064461536

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1326503056&timestamp=1728064461536 HTTP/2.0
host: accounts.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers
GET

https://www.google.com/favicon.ico

firefox.exe

Remote address:

216.58.204.68:443

Request

GET /favicon.ico HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-site
te: trailers
POST

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.187.238:443

Request

POST /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
x-goog-authuser: 0
content-type: application/x-www-form-urlencoded;charset=utf-8
content-length: 394
origin: https://accounts.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
POST

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.187.238:443

Request

POST /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
x-goog-authuser: 0
content-type: application/x-www-form-urlencoded;charset=utf-8
content-length: 394
origin: https://accounts.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.187.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
referer: https://accounts.google.com/
origin: https://accounts.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
GET

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

firefox.exe

Remote address:

23.55.161.185:80

Request

GET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Tue, 10 Sep 2024 17:43:11 GMT
ETag: 09372174e83dbbf696ee732fd2e875bb
Content-Length: 491284
Accept-Ranges: bytes
X-Timestamp: 1725990190.00063
Content-Type: application/zip
X-Trans-Id: tx389338daed724a3a92253-0066e1773fdfw1
Cache-Control: public, max-age=71694
Expires: Sat, 05 Oct 2024 13:49:54 GMT
Date: Fri, 04 Oct 2024 17:55:00 GMT
Connection: keep-alive
GET

https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip

firefox.exe

Remote address:

172.217.16.238:443

Request

GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip HTTP/2.0
host: redirector.gvt1.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
GET

https://r5---sn-aigzrn7l.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigzrn7l&ms=nvh&mt=1728064096&mv=m&mvi=5&pl=24&rmhost=r2---sn-aigzrn7l.gvt1.com&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com

firefox.exe

Remote address:

173.194.5.234:443

Request

GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigzrn7l&ms=nvh&mt=1728064096&mv=m&mvi=5&pl=24&rmhost=r2---sn-aigzrn7l.gvt1.com&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com HTTP/1.1
Host: r5---sn-aigzrn7l.gvt1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Disposition: attachment
Content-Length: 14485862
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "1d3918c"
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Date: Fri, 04 Oct 2024 08:04:32 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Vary: Origin
GET

https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb

firefox.exe

Remote address:

35.190.72.216:443

Request

GET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/2.0
host: location.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
te: trailers

127.0.0.1:49815

firefox.exe
74.125.133.84:80

http://accounts.google.com/

http

firefox.exe

629 B
835 B
6
5

HTTP Request

GET http://accounts.google.com/

HTTP Response

302
74.125.133.84:80

accounts.google.com

firefox.exe

190 B
92 B
4
2
34.149.97.1:443

https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30

tls, http2

firefox.exe

2.0kB
12.6kB
15
18

HTTP Request

GET https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30
74.125.133.84:443

https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ARpgrqfn5tIvoW76ELRsGgp5Ns8Nm3I_235Zz--o1YA7_oTXU1fm_qQq2FcAVhX0lEGwEdpekQxL0g

tls, http2

firefox.exe

2.6kB
9.2kB
19
25

HTTP Request

GET https://accounts.google.com/

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

HTTP Request

GET https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ARpgrqfn5tIvoW76ELRsGgp5Ns8Nm3I_235Zz--o1YA7_oTXU1fm_qQq2FcAVhX0lEGwEdpekQxL0g
142.250.200.46:443

https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1326503056&timestamp=1728064461536

tls, http2

firefox.exe

2.1kB
23.9kB
16
30

HTTP Request

GET https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1326503056&timestamp=1728064461536
216.58.204.68:443

https://www.google.com/favicon.ico

tls, http2

firefox.exe

1.9kB
7.4kB
14
14

HTTP Request

GET https://www.google.com/favicon.ico
142.250.187.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

firefox.exe

3.1kB
9.1kB
19
26

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.187.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

firefox.exe

2.0kB
8.4kB
15
18

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
127.0.0.1:49822

firefox.exe
127.0.0.1:50281

firefox.exe
127.0.0.1:50300

firefox.exe
23.55.161.185:80

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

http

firefox.exe

8.4kB
506.9kB
177
377

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

HTTP Response

200
172.217.16.238:443

https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip

tls, http2

firefox.exe

1.5kB
8.8kB
16
19

HTTP Request

GET https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
173.194.5.234:443

https://r5---sn-aigzrn7l.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigzrn7l&ms=nvh&mt=1728064096&mv=m&mvi=5&pl=24&rmhost=r2---sn-aigzrn7l.gvt1.com&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com

tls, http

firefox.exe

280.3kB
15.1MB
5260
10835

HTTP Request

GET https://r5---sn-aigzrn7l.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigzrn7l&ms=nvh&mt=1728064096&mv=m&mvi=5&pl=24&rmhost=r2---sn-aigzrn7l.gvt1.com&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com

HTTP Response

200
35.190.72.216:443

https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb

tls, http2

firefox.exe

2.2kB
4.9kB
20
19

HTTP Request

GET https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb

8.8.8.8:53

accounts.google.com

dns

firefox.exe

1.2kB
2.1kB
16
16

DNS Request

accounts.google.com

DNS Response

74.125.133.84

DNS Request

accounts.google.com

DNS Response

74.125.133.84

DNS Request

accounts.google.com

DNS Response

2a00:1450:400c:c07::54

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

www.gstatic.com

DNS Response

142.250.179.227

DNS Request

www3.l.google.com

DNS Response

172.217.16.238

DNS Request

www.google.com

DNS Response

2a00:1450:4009:827::2004

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166

DNS Request

ciscobinary.openh264.org

DNS Response

23.55.161.185

23.55.161.211

DNS Request

r5---sn-aigzrn7l.gvt1.com

DNS Response

173.194.5.234

DNS Request

234.5.194.173.in-addr.arpa

DNS Request

prod.classify-client.prod.webservices.mozgcp.net

DNS Request

ctldl.windowsupdate.com

DNS Response

2.23.210.88

2.23.210.83

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

spocs.getpocket.com

dns

firefox.exe

1.1kB
1.9kB
15
15

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.149.97.1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

fonts.gstatic.com

DNS Response

142.250.187.195

DNS Request

99.201.58.216.in-addr.arpa

DNS Request

play.google.com

DNS Response

142.250.187.238

DNS Request

push.services.mozilla.com

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201

DNS Request

redirector.gvt1.com

DNS Response

172.217.16.238

DNS Request

185.161.55.23.in-addr.arpa

DNS Request

216.72.190.35.in-addr.arpa

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

contile.services.mozilla.com
8.8.8.8:53

firefox-api-proxy.cdn.mozilla.net

dns

firefox.exe

1.2kB
2.0kB
16
16

DNS Request

firefox-api-proxy.cdn.mozilla.net

DNS Response

34.149.97.1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191

DNS Request

prod.ads.prod.webservices.mozgcp.net

DNS Response

34.117.188.166

DNS Request

shavar.prod.mozaws.net

DNS Response

35.86.24.102

44.242.117.95

54.70.187.236

DNS Request

shavar.prod.mozaws.net

DNS Request

84.133.125.74.in-addr.arpa

DNS Request

fonts.gstatic.com

DNS Response

142.250.187.195

DNS Request

46.200.250.142.in-addr.arpa

DNS Request

play.google.com

DNS Response

2a00:1450:4009:820::200e

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166

DNS Request

a19.dscg10.akamai.net

DNS Response

23.55.161.185

23.55.161.211

DNS Request

r5.sn-aigzrn7l.gvt1.com

DNS Response

173.194.5.234

DNS Request

aus5.mozilla.org

DNS Response

35.244.181.201

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.243.30

DNS Request

88.210.23.2.in-addr.arpa

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

1.0kB
1.7kB
14
14

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191

DNS Request

prod.ads.prod.webservices.mozgcp.net

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93

DNS Request

1.97.149.34.in-addr.arpa

DNS Request

fonts.gstatic.com

DNS Response

2a00:1450:4009:81f::2003

DNS Request

www.google.com

DNS Response

216.58.204.68

DNS Request

68.204.58.216.in-addr.arpa

DNS Request

aus5.mozilla.org

DNS Response

35.244.181.201

DNS Request

redirector.gvt1.com

DNS Response

172.217.16.238

DNS Request

201.181.244.35.in-addr.arpa

DNS Request

prod.classify-client.prod.webservices.mozgcp.net

DNS Response

35.190.72.216

DNS Request

12.173.189.20.in-addr.arpa

DNS Request

69.209.201.84.in-addr.arpa

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
34.149.97.1:443

firefox-api-proxy.cdn.mozilla.net

https

firefox.exe

1.8kB
4.4kB
5
7
74.125.133.84:443

accounts.google.com

https

firefox.exe

6.7kB
164.8kB
38
146
142.250.200.46:443

accounts.youtube.com

https

firefox.exe

1.9kB
9.3kB
7
10
216.58.204.68:443

www.google.com

https

firefox.exe

1.9kB
9.4kB
7
11
142.250.187.238:443

play.google.com

https

firefox.exe

3.5kB
12.0kB
10
21
172.217.16.238:443

redirector.gvt1.com

https

firefox.exe

2.0kB
9.3kB
9
10
173.194.5.234:443

r5.sn-aigzrn7l.gvt1.com

https

firefox.exe

1.7kB
5.9kB
5
7
35.190.72.216:443

prod.classify-client.prod.webservices.mozgcp.net

https

firefox.exe

1.7kB
4.3kB
5
6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
45830f2e6b8fadb2a3b4149b8030fdb7

SHA1
540308fe6454291785a14ab9d380059ff760016c

SHA256
c0210425250de21b10cbf7567a0c93f348a4023bdf6770ba3f47b88930b80f36

SHA512
96ab6adc53ff2feccedb4c64fce058955009b397dbdfcd1647619678a0308062b701721d2374d1b91c33a1b9b1473c3e3311b7b9f5386fdeaf0380baa43291d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\doomed\6123

Filesize
15KB

MD5
142509243ac3f0a316458f01f60a5dcf

SHA1
651ab10f331bb467fd19ae8b25006d03c48b29ac

SHA256
32401f6e12910722bfce3e6060bd35d24a33d79fd0bbe0989f3a451a27eceacc

SHA512
b94eb509ca997f1ab29d01939ce6db1912e2bd5010fccdf3efbcd5044b5552a718f7351d0f3c29ce66abc74671e2ba1ec38add3127e56a41cee54aaac069201a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\055A4DB79CB2C218F82A1C747C3D4EBECBB82436

Filesize
13KB

MD5
4e53b66f44cc50d0f4140f650dfb261f

SHA1
e6681fc5b7a04cdf6ef8d173f39eafc863a2a01f

SHA256
f2dd940479915bbba7a74cc639115f2f8b9ec204223cd910e3dd4d367ce5cc7e

SHA512
cdf1f152a8bc8062099deace4cb388035d4f6e7e6aaf7de3b44919c4e897b01b81e2cd54196a913dce8ba5cb94887fbfa063321f964848b6b73b80bcd18a9b26

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
e4d582c06138c6c6fe6087866ecde79c

SHA1
201df153e75f780f2d12575bc636599efc8f903d

SHA256
4a76e9dcd0ea29b9441fcc8f5ce768ed07d91b3cf3460210879c888ddc988527

SHA512
090d5e68f0682a7e392cc2c4be794abe76381f11b959df1ab6b20c685f18867d0bb86c5303dffde1d6d92956e376b0779b136a8e0a41e860d0a8b66db55508ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\40C7C98F06B537E9E76E6DC87529DA052081870D

Filesize
21KB

MD5
0dd044afdf0d228b9fa4b0a631fc3b5d

SHA1
1dcd54b32e4bcddbe90c47b0157af4847f4d4861

SHA256
98538bfb987bae200f8242fc28444d48ab1258f594c59b7f1c18b50e243fd479

SHA512
90bf430be3aa6540f2cefc6cd7cb90b432075aacd326c466073b1fdc11ed67b272cbb31580ebf6043a5c7a279e07d03a4ec3eba704b49fb492485594dad8cb42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\43D1EFF9FC6953F39625A1A4B9EF0F6945A07491

Filesize
105B

MD5
dfba1ef4adba01ce3f575be1c27f1910

SHA1
ffe4b90aea99392f72fabccfe9d511abf2103923

SHA256
7bacad6e73ca4d060b9648447acdda89d092c376d8025847e8629dcd0902eab6

SHA512
1aad7eaf0adb73d22339fb0b79c62074ebf8cc678030bf851c8cedb35715bb125e0a706fc38131cd74c3bae7b81f46b1354defbef749799a1236cdf479d7c3a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\52812E7A9BABFF98C8D16136D706C4E349BFE135

Filesize
9KB

MD5
2aafb68060cfdaf856a591771d3a3cde

SHA1
c49d6238ef993f06801fdd2436a0579ba4386921

SHA256
8a0df69ba11c80b0a38a09aeb88132f5dd0855dd08122c8dcf9013ad3a80a29b

SHA512
860bfcba7fd45e2755bcaa2eee1044f9383def61b422807cee85bc29ddd6d290ecea81a34ae9f2983e6aa32cc09ce1ec33b1f3931e0573bf340071153b108540

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\552D7E776EF97053734643ADC0C74EEAE5E0BE4C

Filesize
107B

MD5
fc20f51d099bf07bb9f7f57b393fb628

SHA1
0b2f8ad2d0ddf3e58704bd37a482879abfec9262

SHA256
310f047b461d3542081376bbf429b1ba8b8a7fcbfcff6f8259a9414eb49c021e

SHA512
5c7c12b37571e5e2765af34987aa895950b854c8cbc169975f3c1a89929c985ce82ad622119f24b35bd28503fe2ceef2e4dd8d04105da79c7a8c42882441e06b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\63307159D93AD4E84B7E269E247F2BBFA55AC09A

Filesize
11KB

MD5
79195694294a6b709d7352c11fdf071a

SHA1
06fe3390aea81ceb921c4add09c4e7884f2e926a

SHA256
f920f1da7950b40e9df6543b050e6862df5a2dd3c4815a076debc449dd709b09

SHA512
7da17a535a2534a868eb9519d870aa528da8d0bf4c36eebc6fd7e0a27b2a7e19618350bf6c21ce9d26ae1d23c2629a6438d8c9266dd726ec6aeaddd5833ac3ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\6BD7FB17639DAF3F9C18C228D143AA99B78535B0

Filesize
13KB

MD5
d776fbe3d247f93c6381c3b9990d5a9f

SHA1
7d80e52aa9896d72352ac905067952082aca052b

SHA256
fa6cd4323c7ecf85ee0dfd3f5609af173157a94c0afc9782e3dfc24ba40742fa

SHA512
391777a3faeef44cc86a12d39529d82304578d7d286e2956974934aa1dc1da01ac3f0e6bd423a91aad230e1817e7fe20c06e0572e45ddde73822c5a74e0c338e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
1286953e83db6040ddd7c2f07d5593d6

SHA1
2535989998c7acc06bb7d4a7dad9668b1cdee299

SHA256
dcbbd406c761147256277012ab786df5433912430800cf8ffcf8ad39bea8c7a2

SHA512
b3add8819db8f2a70615d1ab38a693edd2e5e0eab83a1af1c2c4f000988f03c0964d32aa2a2b73abe612b1a2b583339608bd805dc089b7b2cd4d9cc9e9366196

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\79B11E5B2A73707AF920FBB504E5C456E1698B13

Filesize
8KB

MD5
03c71e7550c1d18f6f50dd20bf4588c3

SHA1
36735cd456abf0d6c812dc4a9bf4a4320d4979bc

SHA256
49382ff170e6865251ab2798f5c9d3b96538a24637c3f5b743b01e5f95f1fa8d

SHA512
67b45fce946f77c23e7140db7047539ec366752e8b090d86375a28d7ebfa00e4bc9143c3effddf4950dcc8d7ef107501759e110e4fe578d86efe6f200b1e8d3c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
2388a398b5c943f61478526e650b6062

SHA1
b028ca70e7f2c09bfa77896cafac1a1d4f5a8dd2

SHA256
2d9679b46f304cd4baa6c721f1c8fcd89d40a0664be0b15001623ad13bc9af61

SHA512
988bbe3cefe1d7140a84dd7dc0ec5ccd28f2af209c518ed968ad803c3cae30acfd42cd7a945a55f1670e8c0f5b376f3c102af3ea8f26a9a1669eda1880bd1c6c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\822D7FBE3C1CF8367F7E690043341BEC69D8B848

Filesize
11KB

MD5
10107c3b171320f306b7f1389b9081f9

SHA1
9a25f8f6f8e984d8937751633fa5fa363c9e2d3d

SHA256
cf2607e2bfb7b6a5baf948189ac5dd2dfea2a184864aa59eabc2fcb70b253083

SHA512
93097cd9040e255690385582911318d049073d27810826e9c5e327e5a292170ef8970a7645145979d18cd2f609ef556e6e0ab2184e526a99eb4acd97071659a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

Filesize
10KB

MD5
2ee672049c75de6156f2118580782684

SHA1
dc53acbfe356414738de3fb1cd5717c438db3993

SHA256
2550b3f1a9fd087ce04e32043a34592a2343ab1a7b94ef5f23c109f4ea2e5edb

SHA512
d8d90e84c7e3c31897d5e26ab11d65b6aaa9c24af59d8b5b4f1b002407eba1fc6b2252eb3e96a40992e2d7ecda2262098c07e1e51e31eb89d52b737920b792be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
eef3c0e9eb97682add7beb2b89eee7a7

SHA1
fa38be585f31f858800d68daa199359ae668a148

SHA256
3d62a9901d61258a178f772456dde586bd6620b12971119e2e4443cf1b3ffe1a

SHA512
e7488cccccfabe962760904f7d9fbe16e147aa8d17251a7b388646ae9c9848cf0e96e0bec20bbdd68dde6e12092ce202118a7d7d437a5238eae3b2f99d613fd1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\8E73B414E87A40B33F0884D3DD43B0212086B15F

Filesize
12KB

MD5
23849c0d36ba2c84b354bf0c3294e1ef

SHA1
332db76cc1230beee1341573cbdc0a481b05645b

SHA256
d565893b1cbdf26c9aca1c0535b4dad0834fbcc11862872470444f9578a9f0fa

SHA512
6841d8fb5133c29b137138438d28947d48b1ef872572af63e43808a9cf2c8d2c0aa514541c8afd1885c40fb3514efb7eeed253003abdd1e49799364b3b892143

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\9038B6038DD1BDC621AB32E3F49D88E9BA5CAF72

Filesize
18KB

MD5
c918e1c6f32b4ddf8d25b8003c761309

SHA1
d9d8a39538061b2a40d47267c1652b42c4bc9c78

SHA256
b2a21f6bc234590ab8403000f5b2b202168b9ae56b409f07c05cf64057bf5dc3

SHA512
045a4f1fb605f1ca1b1b1991a6bab79fc72e003c24ab472f666349b3e140641656a4c2a2e1f887b06ce029554738a0dd02d6b9eeda7cbc9d96adfc9755fa4e61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\9101746EA8258A5B97B04A344FC767B0D7D65A64

Filesize
59KB

MD5
f94d616f60edb9068d08310795a2e299

SHA1
cdd98419db84346d36f60332d2c3b9cb7b170d72

SHA256
fd720b4d96a7e9621e18e2e7c9cff958e1a864ad58f28062ed60b7ea3597aa8c

SHA512
896cc5b18b327d23456d3b8c7cff9820a386d10982f00a0ddc56af00702dc80bc18b4886de8869118f2be01305649c154abdfa6d59211d5f24d670d217d26e92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\9E4715E25F6590279FEF55FC530BDD3657206515

Filesize
233KB

MD5
87f1ffc2eed700768c8e3a7ce247d856

SHA1
820afd5c9317fa8719eaa9a29cd227fd6a3acf99

SHA256
17d09df9ef52c981727ddf73fb45de406315774ee2df6716c5937baabc96d3a5

SHA512
137a984380a057e38e48843321b157e8febc99c9a3b548a5d456df9d5c8f226dc8c713b52862cf60bea5ec8c137830e5873759cf21a6d17d0fa28f74d88f3b50

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\C886C15B36E63849FB9E86DCC97456303F590459

Filesize
308B

MD5
7393056fc836c68c90757d38aed699e3

SHA1
dbc9e4a037529afa50d734ef1871bee5885aab4f

SHA256
8411bcbdd17f4bbe676a326467dbaa671c01028287016c4582255701714a9d93

SHA512
a4beee5e7413c571964dd2762cdf9186dca1599bc0a44e85e3404a571ef079e49fdded2d181ec433938cffb3a93191456c7b1f53dd3422c71ed3f9d1cba4ca0d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\D3F0C53148D5E53C57B213ECDAB2DE46780AF816

Filesize
207KB

MD5
fede7716b21e56ee4a50a98fa2edd1be

SHA1
6f48e17d47019fe2b85bab45d05054e6d862a230

SHA256
59346c1ed7755d94a32322ab12d0c6bfae5f4a5f2280027bb1cdfdf185c94e00

SHA512
58f0abd3c2149fbf5f2ee5aee57d9db45194ed16b270a3fc55d88148f5db56eb516e5fc7ca147ef0d5c1b2f1042b05812869f8ea7c6e9256c4e816e2a6170c76

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\D61792EB4E79D1B1D5EC87D91387911730E4D704

Filesize
11KB

MD5
8a9d2260067312f8a156799d22eed445

SHA1
40d2054d964c72a167d6a6f1c86d63a4e3855bb4

SHA256
7d929fae1cb453e55b3432cafc62793f4d0876cb299fc070a5d4b837b59c5918

SHA512
79ae6a170b27cc5b539403e7efeeb08de899634f153524d690b80fbeedc74e4d38c294e7248fb2dcf2f29de52c9586dbe3a72ca39d43cd5c7fcdfe350fc26191

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\DFE862443CE0CA2D14E315ED188D5E77A6E68CAC

Filesize
1007B

MD5
760c080d38f4eb549a80b3bcd56ed2e0

SHA1
fbc87cdd4b9936c234dd8ab2718256bfd9072421

SHA256
1154bf33d04e2d86ca22a5058de985734f22c67b96764017e009d3cd372fc3d7

SHA512
8844adeb9c29d0a83bc34cea376aa3050b6ec699342dc0aabe852cd25db1906d78448447b3f85aa23ef224ad30b0a857dce4d2dc01103c937121461a8f0c3884

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\E0BE75FBF2BB5EE88A0177D9072427AA3AA4C2B3

Filesize
11KB

MD5
959029f97d2b39745c391023a6f16f3e

SHA1
1273774da5f8da5bb23df39db0e641790dc45805

SHA256
695c69f1bc558e6c89414956683a908da7daccced9a05874b3ee0a6010acb777

SHA512
273edee478a8c20002e7a5c0faeb898209950fd44058f9b9f55b8edc99ffae400e60539f94528e88d5f40df8325639a22e6e4c548c51d62bd8294568c10614b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\F44C84F426BE11770FF5268FE25A83C67286984F

Filesize
12KB

MD5
232e4553987569574145d6d182747038

SHA1
c5db22a134af1524bfe7783f0ada5dd5775fba99

SHA256
0c798140aa8d01202cae9b5448d1c6c2176dd71f0d6263afa0d2bc37a14a5d1f

SHA512
930e3ecd50225cc384f764a6072310be57a6984de621b22e922ff89d55603bd6215212a460cc3a3ba26ca16d0190f9cffc97f469d62b74d0e42c348bbe396821

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\FE18B1E99DD23E73BA8417E60CDD3D241CE98E5F

Filesize
12KB

MD5
8771888a98b91baeda7931758f4e047b

SHA1
a6baac508538f1693c2856de15e353c9886cebf7

SHA256
a4aa1af3149121c27c799c81ccd7c4e7a4d0d762d5d773417e1f2f39ff3dec0f

SHA512
abb423b6b183d18a1d3f780b0dff8a834b5c08109274db84a14bc0e1a9818701e49046a4e9e92dfdc0d5ad0ff48e0160ca1c7c4289ee2b2d854db5a5f67acef7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\startupCache\scriptCache-child.bin

Filesize
462KB

MD5
24d6c20c2371bb9028a30bf2a6c873cb

SHA1
0c3e9dd4ae0d70fa241ff9c9104bc8800a8e703c

SHA256
5531f258fd34995aad0248d4781fa9182332fdad29406e3dee6d99fc2b7205ee

SHA512
a06ec9cc88980c6a9c8f18f65a205599f49eb62071d5a06e0328853de9e888687eb6eba70d7f0e4bc8d403a5cff532d2f93defbeefa3d469986c0466d8e02dc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\startupCache\scriptCache.bin

Filesize
9.2MB

MD5
66472745c4d077141bad9ab75853a55a

SHA1
96fbc74e856badef7aa9df2eeb4a19dfcb69c8d6

SHA256
162ee98e44229243d573692bcc8a5aad80847e87010eb195e4fec7093b1f3159

SHA512
eb5c7456dd3a2863b90aa8e9fb3a28cb2a2d5eb22279e88c0a689d179f75269c869cf956ba502d729738fb1d67f9c5945bfdcdf60ce54d6c6eeda3745cefcb2c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
610f5c9c76a74a5544c7fbc6e79da633

SHA1
dbecce38c8091c5306e9fcef48b075ec24b455d2

SHA256
9bbc9f7b4f5b3f11203088e18634dd0c4b4196c65e71404b11742e219d42ae63

SHA512
796b037e1273cea4b6e109456db5157c0602a58b5416e247aabd516e560640a29cd8fd922151d3a7e7103bcf62399c635074ff3bcf90528604b167e4ed8201ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
a2b01a99e32acadb4d0ddc34c42622d9

SHA1
a596a69f03c578c8014682c1e4350ac4a32e47fb

SHA256
ebfead42f964c595cce75dfd56ad7e7f4ac6616669f7ed0c1d853408f13d0730

SHA512
f6a0cd03150e6ab2664cce364f6a183d1146649c2ea54f9fef960614a457f671d88fb80c4a985d917f5b56c79831131c79a386057c4f5a0092c5c964db407325

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9D9JW139F3DNPB2Z3ZM4.temp

Filesize
8KB

MD5
68bd7da9f690eb641bd7a4f206052bb9

SHA1
ae7f359beda0f89df6d45d6e754798b6971c44f2

SHA256
1068f180f2284a1fa735f43544cfab1bcc980ca83c9b02b45d013d9365417af3

SHA512
425788b9115968e7f4cfa3efbb7ae6c4fa5f218c1bb53575a827bd9f8092fbb06db80e40a0350f06cf4ae71465edf1b1e4de0d2748e81b523c675c2ade7d1287

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
6KB

MD5
d5bc0b9a2949cca9a10efdf45488c166

SHA1
6c1edddd73709e753132a5df06607320b333931f

SHA256
62a7c544123558965942ae2f17a03567f1f30bd2133e30a0e81bc5d7f5c4a067

SHA512
ef4a718f24a485cea699725bd415a657cd20832be8646a42f147d7f040b3f2e09233f53feaa7e6aabba7f1cc0fa13e07144e8ccafed27645181fc74b7c17da97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
7KB

MD5
5b58bcd796d9fa22bf018245826271a9

SHA1
8b27253b95a47573f5b43e0f43ff04e5d31d228b

SHA256
4c58cf97ccc4d318b7acb4ea5b03e185c45198fe66f916aa0b88eb99ef72c81d

SHA512
1946b6e5ef6150430cdb5afe0bd16cf7fb2e803f0e228ed0637d3aa57abff19cef0bc192bb6bd854a49d6aabb2c08e85eb4a45b50250f5710b9e9636cbf17329

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
12KB

MD5
527ce3562bdb22eeb6625c4ae0eb775b

SHA1
cbd912b79e3d83812d433a5d1a56bdc22810bb02

SHA256
d48fc490a542d221d91700a00d6f3d828968c8d74bfddb149ec361b958aa14f4

SHA512
56c361708028ae5f11a7b026a686cca7d5a9d86682ed13dd10ee82b862d6751c5f2a309c77c66bfd4b4bee6548c344a87d4ecf1fc041ebc61445f5fd826b3753

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
13KB

MD5
61b587a64043656578b749013871732d

SHA1
fc814841c7172ae70edf02229d28b0a19407c45a

SHA256
e45adfd99011fe2e29a231133c1cf16e2ae68b7be4b7bd23be3672e3d33e93ff

SHA512
511c7581d7fcd1e1c71e191a99e4ed81364fc222d8babf80ca79d2d84a4243159b573bfb2ad645536d8b88de1f056e0763687815365f3730fd6fc20538e92a3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
16KB

MD5
edd64b73d91d0b9efe9473f72652d76e

SHA1
70e2d0b255495b58ccaa9f1de965d1a17a99b63e

SHA256
11f43aa0f5420a3175646a36562a1ae0f3554b04d63216569ae78ec089f9f336

SHA512
0135e159c5357dda5ff6229708770484e54a3215c765c7e048a2ba20c57fddd21efb2317929d7c0b6b2db014cbfa79ad754a70c6a835d665583ee6eee2aaf505

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
33e0cc3fa6c5153d72bce0ca91600384

SHA1
1ce2f3430a49adb366b2130ebf0e84400b76a321

SHA256
9c43a861b4f7889bacb1b76361bd3fe23241f14d63109042575043ae4735aa01

SHA512
9913148a7948a1c8de86f49fe15469ad12760345b7432e9207695ea9eb711ea69e7035c6a945fce1409b7f76d313025ace4c7162299baca9fe54a77ac47a52be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\bookmarkbackups\bookmarks-2024-10-04_11_vDmcqcGTsS-x0pTAdB1VPA==.jsonlz4

Filesize
1017B

MD5
1367beaf2ef8e5b03d55c1eeb67c752e

SHA1
6a48bf4f706d8557c10bbd47b4ec7363e28fd52d

SHA256
27948b7f272c791eef2b48a12fc7c541da1c41be71910887eaeb7bb5afe16985

SHA512
a0f8d2779e4f5914d32b164c9bd390f30fccd605103e181346d1bdab046f76c6122dea93e345fe8bfaabc109ef2eb7e006b117a742ab60ee35312233054950d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\cert9.db

Filesize
224KB

MD5
ec8ae26569f3a33a16573c46b227c928

SHA1
0e18b1b71f927a88bc519f5b3bf1f88fbddb08e9

SHA256
876c749bd0711fbcc5e8e21673786d5f9699cc3a9361df7a18d4985788601b0b

SHA512
fdb55e8af18a294a92b1576a7268ecbbf23f90254025f60cf7f624a20909e8c7fb040ca77650c0279e36c9455179166a6d471a3904cc6b67a35dba469dedf9cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\cookies.sqlite

Filesize
512KB

MD5
1af6e57d4ba39ff61d044550e412fda2

SHA1
ed0a7a7b475c28f92466fa3399637fe38dd94d4a

SHA256
73f4ca60a183d965ef98726213210159b14d66f9bca484a1bf0594485f5988ee

SHA512
acc422eb50212a196c2e35fc1ae8e4c723d677d1732c4ecc4216feed17ea2156c92ecb078295b7e75fac70990d7ce78fb0ecd74e5d47417ede358267e62ac8b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.bin

Filesize
48KB

MD5
9f663b277e4d815e8636b6d141992857

SHA1
b69be7860c85cf5eccb9aa702dd11d5d095f3603

SHA256
6925d17042daaf9f7b99a6ae8ad019186adb70ab5726c60f7ff88944cbf25e04

SHA512
90e7f343c7b73ffa4b2ae9caea923e239cab51d062524edb0094988caaebbd4b226c3758deb7f05f59c8dcc0c819158226df13b1af0a7124e7c23c0202c5576e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e511b2f4deff987a25fc15bc290fff35

SHA1
5d1716bbc1a03d576be8b3426dd143fd319b1821

SHA256
88cf617a020b8c2b1b7e26950fd75b5e5b83d1e7f1404edabef11ad604eea3a0

SHA512
1835f753c33ffe5548d19766377682a005c1ba15c6bb490a4a4d493710e1e491b47baf66ec18dc6b529204ad54558889c398cbfd1043ffc6d019414716cd1b32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
57KB

MD5
9e99d1f8e532303473eb5d438a5f0dd0

SHA1
fe9d6a441ae3f57c094c2166406114f14701dd65

SHA256
c3938d2953a4a0d274e49771103f3b9fa15098c64ace600898dadbf1f2a0812b

SHA512
9f9a4223cf9cbf5ed0fe2514307b1ecab5df260a57b99d10a6d6cf816e03eee8410bff042c2be9617381bd103fc82242515bc2cfa31d2139328c005ea7c181f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
48KB

MD5
61b0367d4cdb1a23b338c04e8c9eb145

SHA1
84db2e44e4f3549515f94743470941f4c0df06e1

SHA256
7bba60663a3c9572535806d6e707aa8e338f09099833fc2aa8d2b5643284999b

SHA512
3bca675c52be50d36bd05f7e514c20c53f094b13c476433d7c8cb59b58094cee4c56f6640e4c02ecae1e89f3f1bb22ffca74a2133a87c0cbd6d3b30264dc0595

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
57KB

MD5
18dd3b302d2497280cd99790aa0f545c

SHA1
e9b688957bc8eab4c4553027d012a28851d806bf

SHA256
d63e90e29b30fe5dbb7a135c3f49eed2d5c5fdf8dcd29bb343c426ae7a3ed946

SHA512
e26430760b7ace89ebfc8ae0d325870e33a5a7da79dd68abb2b3354852a541f9385d09105296376c9c17943dc478498faea535d2a204b4f3ce74f14e17ad0ad3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
48KB

MD5
46f92da3a2388b12c404b53a126aa9c1

SHA1
0fe5914aef8ad4a09c5fc67b3fecfd1d290bc557

SHA256
b4cbf9aad1511e2f307226038c500d2a64a17533d6410e383fb72c6b0af5d188

SHA512
9605f19bb544a6f1103d5aa3b07a4ce779799c217c819c562a3327f571bc8523f74f478a287983a15f9103b789ed0fcb4a22fb7c90717fea907af9c80346db94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
61KB

MD5
9fc961ad604b55f1ed7dc2f646a83713

SHA1
67588d4cfabcdef9e1e62bef3b62dcac96620339

SHA256
416a26ca7c81339e6eb7cc435bd350fc1901dc7a1f2e1a48bed66a2d6c28edf2

SHA512
446f79863f94d533e0cd666ce9c472d1bf0186853e987677954167b1db713e2674084094e67f48e63701b994c04b1b1f1aff6f0ab3ceaad748ac01647e09684c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
23aed468cb28b22a7b3298eb5d07621e

SHA1
a38e6215b5613aaf7a05a1ef93fb4adfc56ba58a

SHA256
64ba95d96cf64dcd48a0841918fdcb02fd373c5d562a010bd0f19cd9e34846f2

SHA512
bd2c8e750cd0a14e5b24e698227c43d2e01bc400fa18ae72c604153b0ad495efdc0cb218817a54616bd5515fbcfdc63f594f38eaabc02e57df7519d484a052b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
48KB

MD5
75303d9f723be858e0328d9c799a83c5

SHA1
935d749c0f1c3cacab5dbd350387b6f035744db1

SHA256
5a4642c31dd9e77c7eb4e069acff078014f49620ca8e82a770b37e46f5ad7267

SHA512
32b10153089467ba72108a4781d951ec2c4dc025097ecff197de518f5952d1ab0a22f3c536a8091c45281f2dc808efb491f1d82d998c04cf82c896cbcc5b9a82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\events\pageload

Filesize
399B

MD5
f3a24f1d88f600a4fe62b6e914a5e9a8

SHA1
28eeb16430478f57cc9da9c8b8230dbc622601b6

SHA256
bb7af3af63e3eb1d8fbf8b1689bf0dbe8ad80cf74a0f95d3a93d700f0715b526

SHA512
2ef4bb46497ba32e27164e54ad93fe0894abf00a1bc1e6bfc4572536574b20be74cae1ad78657f8c7a33e34706283e229266392692881359f44bf956b0b6e060

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\783052db-8628-43b7-9253-968db84487ca

Filesize
982B

MD5
e00a07902ee5ec80d1244520833d67f2

SHA1
43e764c5047156985ee1c676dd8168e02a9c76af

SHA256
3fbb842ec8dc27012128c938aca5078ca6a3e1b58bdba1528ab6766efbb1020d

SHA512
d36285e41bb96698a957eeaab9b0fd8307866bfac901487cf588c093218e0e37fbe63c6cbe3a43e57e2c566370bff9e2fdf5ece7ec97c00fc0ff309eb9d5280f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\84d4c310-835b-40ad-9647-953756176c47

Filesize
671B

MD5
a9d0177a6783488efb9b38e3adef3d57

SHA1
bf6a79d16a20ad0a3558976ae33c7cad01ee8041

SHA256
98d9a3ddb6db9c1a2c9f43b962f3f2ee12d262f99a16d00729e8c1297c55d243

SHA512
02ef78b5bc3b821d861c99e322acc3fffacbe44a779e82e17e6679b16f72ffb9b1cf9af41621899dc577b6dc58696956f8373bf144efaedf2ab3fbcc5672e8e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\a1ea5f79-3090-4215-a776-ad79a90b9f8c

Filesize
789B

MD5
313cf747bff2e95ed1307393a474d00a

SHA1
52697f2d51c029dbb89eda06512c8e1f7fea451e

SHA256
60c462af6540a31d13594d8462ce32a833e463d2aa668c9b029ca8baff10fe8b

SHA512
26dc067cb73adc7946b300f198cf46fe61f14c82345ca964004b594343b53f2bf50461492f84bae46fb490b0c6b5c88912f0f0aaebe85aafd15befb2de3e2aed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\a50e5003-3e5e-4cbd-8373-218efb612dc6

Filesize
24KB

MD5
b07186cfed1bbdc6ed780abb6d63d236

SHA1
380ac25016b35ef10fd705fd3e496db0252fad5a

SHA256
4e9d36d25d183e3808acd7099f873fb12a0b6f84a91f4659c05c92db7d265a17

SHA512
58a2c0cc6fd4e464dfb197d9aff39dbf37a7d2243e6203d27e0cc47adf8538e3ef7059c7062bb54878b2c771cb90673ff714a5856cf41ae976b88fcf4f3ee9c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\b875ddb3-9443-40cb-888d-54446e8f7119

Filesize
717B

MD5
a57eac19bfc867b55b705823adecd1f5

SHA1
3d580d90917e4444b40bfb725fa7139dfe78087a

SHA256
b302c6fd5ffdbb0ed5db31221ab1d40c1fe46f8862637bef2ca60d8f74f1643b

SHA512
7149467f75eb241bf4fb7e0d9473e3eef61589518485ea0cad1204a55faf9291c6a839c6c5980c15dfc47ea76d6c487e84a84bdfdc4080c17d414ec9d94c978f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\e50796ca-02f5-47c1-86f3-64318456f3d4

Filesize
905B

MD5
a5d201b6ee67fb046214832da41d4037

SHA1
3f872507c120115bfa67cb366fd1e11895041100

SHA256
76b72bce1fa1a2398ce07811abb0e0aec3dfaa950b7cb4b4bdd2114d74d86502

SHA512
a705b068799f19504dad65c4cfb8ff4929bac5432d86ed99936e6d6be55b9f6766c695d5982eb14aee0bcf7bb4470b5924d4dcfcd55f69513d709e881086cfd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\favicons.sqlite

Filesize
5.0MB

MD5
ad01ae9fd596e4b317586e60d6376889

SHA1
644cc3ae3a5482a5fd17247b2b9aa98d6f529939

SHA256
979495dd61701e38e74beaa5c9cd60c16f4163dbfc7297caffd2ecd904c73f26

SHA512
c3bd68c926d28cbf547292fb3ba91c0234610561cd945900e0a5d256cb4e31cc975c3e886a80e513b5e38ec73858d82bc87b56c0b9c146b1a0452a669cc78cd0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\permissions.sqlite

Filesize
96KB

MD5
2cea1e9f95a3fa5fb0a1740e91127b6e

SHA1
ebffaaa4e9d91c984713e69ed358593724f4f1fb

SHA256
5aa8f33184c159e139fe995a0b632513d73225527869fcceedec2a3700fbfd67

SHA512
d5ef9e84076f2c88b54c303ec03a90f83810c08d00564dcf8e7655ecb4e8b2e4fb171ff57a473eb1a2df00d5ce2005fd1af51d694c059ed8bca6c391bc7633c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\places.sqlite

Filesize
5.0MB

MD5
fb9501c50555e80e958c4207e3a0fb1f

SHA1
92986ec44839ddaab3051a09b325953c445ad430

SHA256
8bc43e700b90bcc5fcf4a1443da17e56a41601ee8678958699f3a2f9ef81ad5e

SHA512
f96997c2ac252200fe2a8e051fbec9e7a460e2c7ab73f1d2267335fab7c40c4450f61a7fe47ffdaaf518f6a28e21e16ca954b187ada18f9230cc4b70fbbbc644

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
434da3fcbfd8ff3e9841cee572c9361f

SHA1
aee52da1e7a17031bcf72c67c4736da0c8c03ca4

SHA256
dc07ce354d267ca26c653cd9a6c796c4fac0e65a9e4f4fe7a4948413449b5921

SHA512
8c6b11ed22d4fe6c8a8bc2d7cd4883366d99d7ac47c1ab4ac34e413d7f226c8a1dc8d17c28a280ad92406c8e0c26dca47a820abf6216c02e1c63d210455cf65c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
10KB

MD5
9bd8b453500963641cdf1fb289450fd5

SHA1
1c3851544d0a07f527e43f5b481d5af45f2db55a

SHA256
fc59bebae3b154e1a9cca1fc89febae231445abac5579215c6b1454212156fb0

SHA512
76631c2ea6657b322d947db11bfaeaaf99e5c0a5bf7620ef6a8ae0243da88d4eb6d6bee3fc9a49d4502e48946f182a66cd7c318c8f035be377a5596a3f8ea99f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
10KB

MD5
37515b3cab9e021c1c825243c8dffd60

SHA1
20ca8e89f5e3b98aa28220bd90fc3a018a2f5183

SHA256
98559284f39eedf8afdfce33ff51c747a4d2f634a58a41b83577b9f10a690c4f

SHA512
2e6209bd0b2de88b43a22094bcd1219f0ca0387a63d6489695ae4fdd8123acf4219a914ae27ff1917141f5457128c29251b456241bca496ef87b947b51b7c9cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
12KB

MD5
a6b7351f1d38a1f2e120316760950b7f

SHA1
d680e7c4ef0cdfb8b9d9c1d930aee0670a344246

SHA256
05a60ca1a90342a0924932e72759aad0899a5242f9066aee5b4b317eb3104a73

SHA512
4e7e861454c184740e7385a2af876872a4c70e414c257ce4cd02769f1e0f52ece4c84c5be272fa17eb6756dcb8b8902492df28f974fa7645812bf8c2e23c8ec0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs.js

Filesize
10KB

MD5
61adb391124dea45062a03f8ad8a8d16

SHA1
9c7c6d5fca9445f5ab91d0d3d17db24b027efb8e

SHA256
bb94149cf470522eecb23e08444ecbeff32ce65e10163153394e2da6a68ff645

SHA512
4d95ba8039ad48e60378f2d5dfb6dc3d1b5c680fd9bff1f20a61a540a54f9a20286b3e3059b778dad082b555071e6a0bcbe4bfd428be4b6ab2fb43446037c030

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs.js

Filesize
10KB

MD5
38860ab730cd854a28ad791e07ca6bae

SHA1
0de03af4af365f337a36f5948975b35dd1629b73

SHA256
7b7ce2d0ec8dd1c9dc921d2c596a6ae499e717395be4dccf4e642c4e14a00f75

SHA512
0ab88ce8601507a8382cffbba9b623ae64ebbb61671fcf0f7869be2fc6b35a0875b57fe784ede56830b23760fcd79f905df1e18d955c8a413e0b4bd3356511bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
b6658e0c3228e14ecf64356a65b1b939

SHA1
1f51db92240118f6cfc8455d7c96873ee2b1b96c

SHA256
0019c31e810ce7eff1ce530a4fb5643ab29576f000fe1d418cc50bbcdd5e8583

SHA512
7075027a2869ec30fece6a85a3b2dc22faad22d5ddb19abcf1d83e419aaef318835b82526ebef8fd945b15e4a82e3d3f245544fb124eb77b45f5a01a998c7df9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
f4952f214e87e015910415902d75e166

SHA1
1386536e621a2d5ba32e5639a9c1560d08cef1a8

SHA256
9d5a6d418c0ad702a5d50d71e96efaf95097df8836258d1720269c82d2d0c2f5

SHA512
336bb485f52b29ace4caf59e290cb8f6876ffd38ba5320fe0c92eb90e4c55a7de7f464123d6c6e87df036fb33ff968f63de13d8e733300c630c53c5134750328

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage.sqlite

Filesize
4KB

MD5
23605e20ec7b9c605b210ac3996e7a62

SHA1
e01d89d33f05c4e7ef9eb63d1487b297b420ac86

SHA256
1387ad3f14749464f83e64bff542db5bdb73d1ec9a6556bbf3041d943a7e3003

SHA512
63f6a0102efd24da5fd50b0fc6ff00da33baf2cf3cd2fb1596e6293aaf551ec41b2ddda9b868f606c3c7269132e282d06d3c815b75d71ed9c2e46354ce588450

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
722e9ec0233f6ebc6b5d929fd78370dd

SHA1
a387760b35d55c8cc1a296132759a70d3ee0235d

SHA256
beb65064e6a078df4814aaac3ee54703bd38a7d4748fbae8441ee53b67405b30

SHA512
3e73dc3a53162ebb0d79464997a919e5bcbeec149b50d5191c2a263e8ecfd19bee4e04f369f4e952411706e3b6a72e4ee1e8798911a4a3336545b47187291cb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
c76a4ee6fdec6c6e0fee6634816b8dca

SHA1
6141e4935cdedcc67108e31908b8b880b1c33629

SHA256
d000e5d6b522ea493282eb87f7802b2f7cda8ad94fc6e3776a10567b2e541507

SHA512
3712b9f7b548d4b2455e3d67d94c74d8e5ef29353511f7ddb5af0220d437577659d16b4dfd3ab6cb041e3ffedb996a67a8bc389abc20d81ac73244ded6d41549

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
ded975fa080cb44fd93df34c5c1af6fb

SHA1
3769506b4d40ce6629313392e9e52e9f9ddc3771

SHA256
d2d6541b48fbc978bdc32ad4337ec2c5a468033341f5831c5902b4b78f784537

SHA512
ce686c7ff0263363e1f9bfd7f3ed55552a05198fb6cc33eb5738da0b4b2b6482ce24cd679ecb1968f0f172170a92f753919dc2653104d6130b3816a7a747a30b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request