Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1483423
MD5: b078d31fc894b91a32e1c40c596fe1ec
SHA1: ed490245f51c3b2fad83e2eb22ad48d5260a8ad8
SHA256: 3188153b52c7148bf97d29e8d0447b1d50ddbde7d0ac56005e2b758dab432030
Tags: exe
Infos:

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Hides threads from debuggers
Machine Learning detection for sample
PE file has nameless sections
Abnormal high CPU Usage
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • file.exe (PID: 7392 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B078D31FC894B91A32E1C40C596FE1EC)
    • firefox.exe (PID: 7584 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7628 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7644 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7904 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aab533d8-a973-49df-af8e-2a2d2e8eca71} 7644 "\\.\pipe\gecko-crash-server-pipe.7644" 20b9176d110 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5652 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1552 -parentBuildID 20230927232528 -prefsHandle 1568 -prefMapHandle 3876 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0c04207-d988-4604-93b1-3fc9de6d621b} 7644 "\\.\pipe\gecko-crash-server-pipe.7644" 20b91742910 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7188 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5456 -prefMapHandle 5408 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e09085be-52c2-4e9a-a064-f9a8b5c45ee7} 7644 "\\.\pipe\gecko-crash-server-pipe.7644" 20baab68510 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: file.exe PID: 7392 | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched
    Timestamp:2024-07-27T12:01:22.226295+0200
    SID:2022930
    Source Port:443
    Destination Port:49730
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:2024-07-27T12:02:01.102871+0200
    SID:2022930
    Source Port:443
    Destination Port:49784
    Protocol:TCP
    Classtype:A Network Trojan was detected

    AV Detection

    Source: file.exe | Avira: detected
    Source: file.exe | Virustotal: Detection: 33%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49754 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49755 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49758 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49767 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49770 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49769 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49773 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49774 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 143.204.215.115:443 -> 192.168.2.4:49776 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49778 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49779 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49781 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49780 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49787 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49788 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49786 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49795 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49792 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49794 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49793 version: TLS 1.2
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 279MB
    Source: unknown | Network traffic detected: DNS query count 30
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | IP Address: 143.204.215.115
    Source: Joe Sandbox View | IP Address: 34.160.144.191
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: firefox.exe, 00000003.00000002.1894536119.0000027CDC470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000003.00000002.1894536119.0000027CDC470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevatione equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000002.00000002.1883864318.0000025C5AE10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000002.00000002.1883864318.0000025C5AE10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account, equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2077134557.0000020BA3F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2061402287.0000020BB10C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2038473193.0000020BAB46F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061714268.0000020BB10A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000004.00000003.2061402287.0000020BB10C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2038473193.0000020BAB46F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2062792736.0000020BAB46F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2044409145.0000020BA9452000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2094238979.0000020BAE459000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2069277322.0000020BA9445000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/account equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2094664082.0000020BAB686000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2101201125.0000020BAB686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/account equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000003.00000002.1894536119.0000027CDC470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account--attempting-deelevation' equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000002.00000002.1883864318.0000025C5AE10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/accountj equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000002.00000002.1883864318.0000025C5AE10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\Desktop\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/accountC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Defaulth equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000003.00000002.1894536119.0000027CDC470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default! equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000006.00000002.4154688751.0000028F875EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.4155296365.0000028F876B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.4155296365.0000028F876B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/account equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000A.00000002.4154017883.000001692A9EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/account, equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000009.00000002.4153856392.0000012C8E2CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountX` equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000A.00000002.4154017883.000001692A9E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountbl equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2044409145.0000020BA9452000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2069090105.0000020BA9459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: WindowGlobalParent.getActor: Window protocol 'Translations' doesn't match uri about:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000002.00000002.1883864318.0000025C5AE34000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1882789044.0000025C5AE2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Z8p8https://www.youtube.com/account --attempting-deelevationUser equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2069708035.0000020BA4A7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2100499450.0000020BAE3C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2062075598.0000020BAE48D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: about:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000006.00000002.4155296365.0000028F876B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4154893087.0000012C8E560000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154659738.000001692AC60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: aming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\bro equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2105513292.0000020BAE428000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2062075598.0000020BAE48D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2099408334.0000020BAE48A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000A.00000002.4154017883.000001692A9EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: efox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ and total time spent inside rs-experiment-loader-timerWillChangeBrowserRemotenesshttps://www.amazon.co.uk/main/nimbus-desktop-experiments equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000004.00000003.2061402287.0000020BB10C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2038473193.0000020BAB46F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061714268.0000020BB10A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000004.00000003.2075197556.0000020BA3A12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2100794324.0000020BAE3BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2061402287.0000020BB10C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2038473193.0000020BAB46F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2062792736.0000020BAB46F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000A.00000002.4155065106.000001692AD0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000A.00000002.4155065106.000001692AD0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000A.00000002.4155065106.000001692AD0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000009.00000002.4155925343.0000012C8E60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4155065106.000001692AD0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000009.00000002.4155925343.0000012C8E60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4155065106.000001692AD0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000009.00000002.4155925343.0000012C8E60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4155065106.000001692AD0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.4162212300.0000000002516000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.4164878709.0000000006A4D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2044409145.0000020BA9452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.4164878709.0000000006A4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account# equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.4164878709.0000000006A4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account* equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.4164878709.0000000006A4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountL equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2077134557.0000020BA3F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000002.00000002.1883864318.0000025C5AE34000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1882789044.0000025C5AE2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
    Source: recovery.jsonlz4.tmp.4.drString found in binary or memory: url":"https://www.youtube.com/account","title* equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2063916413.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2082638399.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2039493724.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000004.00000003.2044409145.0000020BA9452000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2069708035.0000020BA4A7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1930434277.0000020BAB3D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2063916413.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2082638399.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2039493724.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2069708035.0000020BA4A7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2100499450.0000020BAE3C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2062075598.0000020BAE48D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xabout:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2105513292.0000020BAE428000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2062075598.0000020BAE48D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2099408334.0000020BAE48A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xe=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000004.00000003.2062075598.0000020BAE48D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2099408334.0000020BAE48A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2082411555.0000020BAE48D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xhttps://www.youtube.com/account equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 00000004.00000003.2063916413.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2082638399.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2039493724.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2106285255.0000020BAAFA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 00000004.00000003.2063916413.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2082638399.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2039493724.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2106285255.0000020BAAFA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 00000004.00000003.2063916413.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2082638399.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2039493724.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2106285255.0000020BAAFA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 00000004.00000003.2063916413.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2082638399.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2039493724.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2106285255.0000020BAAFA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 00000004.00000003.2063916413.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2082638399.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2039493724.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2106285255.0000020BAAFA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 00000004.00000003.2103699447.0000020BAA098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2042940902.0000020BAA091000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2065952803.0000020BAA098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 00000004.00000003.2106285255.0000020BAAFA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000004.00000003.2106285255.0000020BAAFA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 00000004.00000003.2095098975.0000020BAB0CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2102374771.0000020BAB0D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 00000004.00000003.2082814005.0000020BAAB64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064728646.0000020BAAB64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2106751786.0000020BAAB64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000006.00000002.4155867378.0000028F878C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4155925343.0000012C8E6E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4158602626.000001692AF03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
    Source: firefox.exe, 00000006.00000002.4155867378.0000028F878C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4155925343.0000012C8E6E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4158602626.000001692AF03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
    Source: firefox.exe, 00000004.00000003.2063916413.0000020BAAFCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 00000004.00000003.2010918291.0000020BA1D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 00000004.00000003.2010918291.0000020BA1D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 00000004.00000003.2010918291.0000020BA1D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 00000004.00000003.2010918291.0000020BA1D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 00000004.00000003.2010918291.0000020BA1D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1930434277.0000020BAB3EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 00000004.00000003.1930434277.0000020BAB3EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 00000004.00000003.1930434277.0000020BAB3EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1930434277.0000020BAB3EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739Certificate
    Source: firefox.exe, 00000004.00000003.2010918291.0000020BA1D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2011108278.0000020BA1D99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 00000004.00000003.2060628072.0000020BA2E45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 00000004.00000003.2010918291.0000020BA1D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 00000004.00000003.2010120968.0000020BA1D72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010918291.0000020BA1D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 00000004.00000003.2010918291.0000020BA1D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2010120968.0000020BA1D75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 00000004.00000003.1898086067.0000020BA142C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1899135786.0000020BA1481000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898276197.0000020BA1441000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898838101.0000020BA146C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1897906074.0000020BA1417000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1897759443.0000020BA0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898489911.0000020BA1457000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 00000004.00000003.2100029510.0000020BAE459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 00000004.00000003.2046482379.0000020BA3D4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000006.00000002.4155867378.0000028F878C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4155925343.0000012C8E6E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4158602626.000001692AF03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
    Source: firefox.exe, 00000006.00000002.4155867378.0000028F878C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4155925343.0000012C8E6E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4158602626.000001692AF03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 00000004.00000003.2101477064.0000020BAB4FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 00000004.00000003.2033107433.0000020BA9663000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2015771215.0000020BA9662000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2031031640.0000020BA9662000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 00000004.00000003.2062792736.0000020BAB482000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1897759443.0000020BA0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898489911.0000020BA1457000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 00000004.00000003.2038046959.0000020BB10AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 00000004.00000003.1900654977.0000020B9ED33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2029892686.0000020B9ED32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 00000004.00000003.1900654977.0000020B9ED33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2029892686.0000020B9ED32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000A.00000002.4155065106.000001692AD13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 00000004.00000003.1950360625.0000020BAE227000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1952277996.0000020BAE224000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1970864817.0000020BA957B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 00000004.00000003.2039493724.0000020BAAF21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000A.00000002.4155065106.000001692AD13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000009.00000002.4155925343.0000012C8E6C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4155065106.000001692ADC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000009.00000002.4155925343.0000012C8E6C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4155065106.000001692ADC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000A.00000002.4155065106.000001692AD30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 00000009.00000002.4155925343.0000012C8E6C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4155065106.000001692ADC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 00000004.00000003.2101912110.0000020BAB373000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063546660.0000020BAB373000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 00000004.00000003.2094967435.0000020BAB4E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000009.00000002.4155925343.0000012C8E6C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4155065106.000001692ADC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 00000004.00000003.2101912110.0000020BAB373000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063546660.0000020BAB373000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 00000004.00000003.2101912110.0000020BAB373000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063546660.0000020BAB373000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 00000004.00000003.2101912110.0000020BAB373000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063546660.0000020BAB373000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 00000004.00000003.1958244288.0000020BA267B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/cfworker
    Source: firefox.exe, 00000004.00000003.1958244288.0000020BA267B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/cfworker__absolute_recursive_ref__
    Source: firefox.exe, 00000004.00000003.2020070030.0000020BAB8C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 00000004.00000003.2020070030.0000020BAB8C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 00000004.00000003.1898086067.0000020BA142C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898276197.0000020BA1441000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898838101.0000020BA146C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1897906074.0000020BA1417000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1897759443.0000020BA0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898489911.0000020BA1457000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 00000004.00000003.2081084461.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2105366270.0000020BB2675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2092959899.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061114344.0000020BB2625000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 00000004.00000003.1930434277.0000020BAB3EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
    Source: firefox.exe, 00000004.00000003.1930434277.0000020BAB3EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
    Source: places.sqlite-wal.4.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.
    Source: firefox.exe, 00000004.00000003.2094238979.0000020BAE46C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 00000004.00000003.2039493724.0000020BAAF21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
    Source: firefox.exe, 00000004.00000003.2038191292.0000020BB10A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 00000004.00000003.2101912110.0000020BAB373000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063546660.0000020BAB373000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/https://www.leboncoin.fr/nimbus-desktop-experimentshttps://www.wikipedia.
    Source: firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 00000004.00000003.2073594698.0000020BA3D6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000006.00000002.4155867378.0000028F878C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4155925343.0000012C8E6E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4158602626.000001692AF03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
    Source: firefox.exe, 00000004.00000003.1898086067.0000020BA142C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1899135786.0000020BA1481000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898276197.0000020BA1441000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898838101.0000020BA146C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2020309372.0000020BAB8A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1897906074.0000020BA1417000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1897759443.0000020BA0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898489911.0000020BA1457000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 00000004.00000003.2046482379.0000020BA3D4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
    Source: firefox.exe, 00000004.00000003.2091753320.0000020BA1300000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.4.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 00000006.00000002.4155867378.0000028F878C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4155925343.0000012C8E6E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4158602626.000001692AF03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
    Source: firefox.exe, 00000004.00000003.2072399347.0000020BA3D7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 00000004.00000003.1944204385.0000020BAB870000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1947141147.0000020BA32EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 00000004.00000003.1898086067.0000020BA142C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1899135786.0000020BA1481000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898276197.0000020BA1441000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898838101.0000020BA146C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1897906074.0000020BA1417000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1897759443.0000020BA0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898489911.0000020BA1457000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1897759443.0000020BA0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1898489911.0000020BA1457000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 00000004.00000003.2038046959.0000020BB10AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1958324936.0000020BA2671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 00000004.00000003.2045160907.0000020BA3DA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2038473193.0000020BAB482000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2062792736.0000020BAB482000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2098941063.0000020BB109D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2038244106.0000020BB109D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061743331.0000020BB109D000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.4.drString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 00000004.00000003.2039493724.0000020BAAF21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: places.sqlite-wal.4.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.
    Source: firefox.exe, 00000004.00000003.2094238979.0000020BAE46C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
    Source: firefox.exe, 00000004.00000003.1958244288.0000020BA267B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1970864817.0000020BA957B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 00000004.00000003.2082638399.0000020BAAF73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2039493724.0000020BAAF73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063916413.0000020BAAF73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: places.sqlite-wal.4.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.
    Source: firefox.exe, 00000004.00000003.2094238979.0000020BAE46C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
    Source: targeting.snapshot.json.tmp.4.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 00000004.00000003.2100029510.0000020BAE46C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2094238979.0000020BAE46C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2072399347.0000020BA3DD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2045160907.0000020BA3DD0000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.4.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 00000004.00000003.2094238979.0000020BAE46C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.4.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 00000004.00000003.2063916413.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2082638399.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2039493724.0000020BAAF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2106285255.0000020BAAFA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000006.00000002.4155867378.0000028F878C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4155925343.0000012C8E6CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4155065106.000001692ADF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000A.00000002.4155065106.000001692ADF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/g
    Source: firefox.exe, 00000004.00000003.2100029510.0000020BAE46C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2094238979.0000020BAE46C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.4.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 00000004.00000003.2069708035.0000020BA4A7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 00000004.00000003.2038191292.0000020BB10A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 00000004.00000003.2075197556.0000020BA3A12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2100794324.0000020BAE3BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: firefox.exe, 0000000A.00000002.4155065106.000001692AD0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000A.00000002.4154017883.000001692A9EA000.00000004.00000020.00020000.00000000.sdmp, recovery.jsonlz4.tmp.4.drString found in binary or memory: https://www.youtube.com/account
    Source: file.exe, 00000000.00000002.4164878709.0000000006A4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account#
    Source: firefox.exe, 00000003.00000002.1894536119.0000027CDC470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account--attempting-deelevation
    Source: file.exe, 00000000.00000002.4164485337.00000000054D1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000002.1883864318.0000025C5AE10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountC:
    Source: file.exe, 00000000.00000002.4164878709.0000000006A4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountL
    Source: firefox.exe, 0000000A.00000002.4154017883.000001692A9EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountMOZ
    Source: firefox.exe, 00000006.00000002.4155296365.0000028F876B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.4155296365.0000028F876B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.4154688751.0000028F875E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4154893087.0000012C8E564000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4154893087.0000012C8E560000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.4153856392.0000012C8E2C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154659738.000001692AC64000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154017883.000001692A9E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154659738.000001692AC60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:
    Source: firefox.exe, 00000009.00000002.4153856392.0000012C8E2CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountX
    Source: firefox.exe, 0000000A.00000002.4154017883.000001692A9E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountbl
    Source: firefox.exe, 00000002.00000002.1883864318.0000025C5AE10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountj
    Source: firefox.exe, 00000004.00000003.2075197556.0000020BA3A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49754 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49755 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49758 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49767 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49770 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49769 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49773 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49774 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 143.204.215.115:443 -> 192.168.2.4:49776 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49778 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49779 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49781 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49780 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49787 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49788 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49786 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49795 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49792 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49794 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49793 version: TLS 1.2
    Source: file.exe, 00000000.00000002.4162315605.000000000258D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _WINAPI_GETRAWINPUTDATA
    Source: Yara match File source: Process Memory Space: file.exe PID: 7392, type: MEMORYSTR

    System Summary

    Source: file.exe, 00000000.00000002.4150606469.00000000006E2000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name:
    Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000012C8E5D2377 NtQuerySystemInformation, 9_2_0000012C8E5D2377
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000012C8E5F63B2 NtQuerySystemInformation, 9_2_0000012C8E5F63B2
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_FF8907B8 0_2_FF8907B8
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_FF890000 0_2_FF890000
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000012C8E5D2377 9_2_0000012C8E5D2377
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000012C8E5F63B2 9_2_0000012C8E5F63B2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000012C8E5F6ADC 9_2_0000012C8E5F6ADC
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000012C8E5F63F2 9_2_0000012C8E5F63F2
    Source: file.exe, 00000000.00000002.4162069374.00000000024B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Comments|CompanyName|FileDescription|FileVersion|InternalName|LegalCopyright|LegalTrademarks|OriginalFilename|ProductName|ProductVersion|PrivateBuild|SpecialBuildrrorHp) vs file.exe
    Source: file.exe, 00000000.00000002.4162069374.00000000024B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Comments|CompanyName|FileDescription|FileVersion|InternalName|LegalCopyright|LegalTrademarks|OriginalFilename|ProductName|ProductVersion|PrivateBuild|SpecialBuildhs;ptf) vs file.exe
    Source: file.exe, 00000000.00000002.4156644230.0000000001E3C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: FV_ORIGINALFILENAME vs file.exe
    Source: file.exe, 00000000.00000002.4157110061.0000000001E92000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs file.exe
    Source: file.exe, 00000000.00000002.4157110061.0000000001E92000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: FV_ORIGINALFILENAME vs file.exe
    Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: file.exe Static PE information: Section: ZLIB complexity 1.0002166748046875
    Source: file.exe Static PE information: Section: ZLIB complexity 0.9943181818181818
    Source: file.exe Static PE information: Section: ZLIB complexity 0.9993479330708661
    Source: firefox.exe, 00000004.00000003.2025639777.0000020BA32D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2021484313.0000020BA32D1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2.SLn
    Source: classification engine Classification label: mal84.evad.winEXE@19/40@64/11
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
    Source: C:\Users\user\Desktop\file.exe File read: C:\Program Files\desktop.ini
    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 00000004.00000003.2081084461.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2105366270.0000020BB2675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2092959899.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061114344.0000020BB26A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 00000004.00000003.2081084461.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2105366270.0000020BB2675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2092959899.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061114344.0000020BB26A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 00000004.00000003.2081084461.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2105366270.0000020BB2675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2092959899.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061114344.0000020BB26A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 00000004.00000003.2081084461.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2105366270.0000020BB2675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2092959899.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061114344.0000020BB26A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 00000004.00000003.2081084461.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2105366270.0000020BB2675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2092959899.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061114344.0000020BB26A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 00000004.00000003.2081084461.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2105366270.0000020BB2675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2092959899.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061114344.0000020BB26A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 00000004.00000003.2081084461.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2105366270.0000020BB2675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2092959899.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061114344.0000020BB26A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 00000004.00000003.2081084461.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2105366270.0000020BB2675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2092959899.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061114344.0000020BB26A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 00000004.00000003.2081084461.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2105366270.0000020BB2675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2092959899.0000020BB2625000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2061114344.0000020BB26A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: file.exe Virustotal: Detection: 33%
    Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
    Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aab533d8-a973-49df-af8e-2a2d2e8eca71} 7644 "\\.\pipe\gecko-crash-server-pipe.7644" 20b9176d110 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1552 -parentBuildID 20230927232528 -prefsHandle 1568 -prefMapHandle 3876 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0c04207-d988-4604-93b1-3fc9de6d621b} 7644 "\\.\pipe\gecko-crash-server-pipe.7644" 20b91742910 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5456 -prefMapHandle 5408 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e09085be-52c2-4e9a-a064-f9a8b5c45ee7} 7644 "\\.\pipe\gecko-crash-server-pipe.7644" 20baab68510 utility
    Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: shfolder.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: pcacli.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: sfc_os.dll
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: file.exe Static file information: File size 3206656 > 1048576
    Source: file.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x21e600
    Source: Binary string: rsaenh.pdb source: firefox.exe, 00000004.00000003.2096956640.0000020BA94FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2104230942.0000020BA94FE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: UMPDC.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wininet.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winsta.pdb source: firefox.exe, 00000004.00000003.2104854909.0000020BA9468000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ktmw32.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WscApi.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winhttp.pdbP4O source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xul.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nssckbi.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winnsi.pdb source: firefox.exe, 00000004.00000003.2104854909.0000020BA9468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2104987514.0000020BA9456000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dcomp.pdb source: firefox.exe, 00000004.00000003.2104854909.0000020BA9468000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: cryptsp.pdb source: firefox.exe, 00000004.00000003.2096956640.0000020BA94FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2104230942.0000020BA94FE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sspicli.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: CLBCatQ.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: urlmon.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dnsapi.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA9456000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: userenv.pdb source: firefox.exe, 00000004.00000003.2104854909.0000020BA9468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nlaapi.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winhttp.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msimg32.pdb source: firefox.exe, 00000004.00000003.2096956640.0000020BA94FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2104230942.0000020BA94FE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntasn1.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: devobj.pdb source: firefox.exe, 00000004.00000003.2104854909.0000020BA9468000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: d3d11.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dwmapi.pdb source: firefox.exe, 00000004.00000003.2104854909.0000020BA9468000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbghelp.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: srvcli.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: freebl3.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: profapi.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: avrt.pdb source: firefox.exe, 00000004.00000003.2096956640.0000020BA94FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2104230942.0000020BA94FE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mswsock.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nsi.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA9456000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: propsys.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.4.dr
    Source: Binary string: winmm.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winrnr.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA9456000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msctf.pdb source: firefox.exe, 00000004.00000003.2104854909.0000020BA9468000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: version.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbgcore.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mscms.pdb source: firefox.exe, 00000004.00000003.2104854909.0000020BA9468000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: twinapi.pdb source: firefox.exe, 00000004.00000003.2104854909.0000020BA9468000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msasn1.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.4.dr
    Source: Binary string: psapi.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: DWrite.pdb source: firefox.exe, 00000004.00000003.2104987514.0000020BA944A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dxgi.pdb source: firefox.exe, 00000004.00000003.2104854909.0000020BA9468000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ncrypt.pdb source: firefox.exe, 00000004.00000003.2104312265.0000020BA94E8000.00000004.00000800.00020000.00000000.sdmp

    Data Obfuscation

    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.620000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .data
    Source: file.exeStatic PE information: real checksum: 0x129231 should be: 0x311189
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name:
    Source: gmpopenh264.dll.tmp.4.drStatic PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_FF892780 push FF890002h; ret 0_2_FF89278F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_FF891880 push FF890002h; ret 0_2_FF89188F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_FF890C80 push FF890002h; ret 0_2_FF890C8F
    Source: file.exe Static PE information: section name: entropy: 7.999455501205013
    Source: file.exe Static PE information: section name: entropy: 7.9916241651821105
    Source: file.exe Static PE information: section name: entropy: 7.999159860330949
    Source: file.exe Static PE information: section name: entropy: 7.965597778388454
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000012C8E5D2377 rdtsc 9_2_0000012C8E5D2377
    Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 513
    Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2404
    Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1936
    Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1380
    Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1500
    Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 511
    Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 414
    Source: C:\Users\user\Desktop\file.exe TID: 7408 Thread sleep time: -2404000s >= -30000s
    Source: C:\Users\user\Desktop\file.exe TID: 7412 Thread sleep time: -1500000s >= -30000s
    Source: C:\Users\user\Desktop\file.exe Thread sleep count: Count: 1936 delay: -10
    Source: C:\Users\user\Desktop\file.exe Thread sleep count: Count: 1380 delay: -10
    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

    Anti Debugging

    Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000012C8E5D2377 rdtsc 9_2_0000012C8E5D2377
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    Source: file.exe, 00000000.00000002.4150606469.00000000006E2000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_FF891BE0 GetUserNameA, 0_2_FF891BE0
    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 12 Process Injection | 1 Masquerading | 11 Input Capture | 111 Security Software Discovery | Remote Services | 11 Input Capture | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
    | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Extra Window Memory Injection | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
    | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
    Source | Detection | Scanner | Label
    file.exe | 34% | Virustotal |
    file.exe | 100% | Avira | HEUR/AGEN.1314148
    file.exe | 100% | Joe Sandbox ML |
    Source | Detection | Scanner | Label
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | Virustotal |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | Virustotal |
    No Antivirus matches
    • URL Reputation: safe
    unknown
    https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 00000004.00000003.2033107433.0000020BA9663000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2015771215.0000020BA9662000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2031031640.0000020BA9662000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://bugzilla.mofirefox.exe, 00000004.00000003.2063916413.0000020BAAFCC000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://mitmdetection.services.mozilla.com/firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://www.youtube.com/accountC:file.exe, 00000000.00000002.4164485337.00000000054D1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000002.1883864318.0000025C5AE10000.00000004.00000020.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000004.00000003.2103699447.0000020BAA098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2042940902.0000020BAA091000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2065952803.0000020BAA098000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://spocs.getpocket.com/firefox.exe, 0000000A.00000002.4155065106.000001692AD13000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    http://mozilla.org/#/properties/isRolloutfirefox.exe, 00000004.00000003.1958244288.0000020BA2689000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/enabledfirefox.exe, 00000004.00000003.1958157270.0000020BA2697000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/featureIfirefox.exe, 00000004.00000003.1958157270.0000020BA2697000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://mozilla.org/#/properties/bucketConfig/properties/countVersionfirefox.exe, 00000004.00000003.1958199617.0000020BA2692000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://mozilla.org/#/properties/endDatefirefox.exe, 00000004.00000003.1958157270.0000020BA2697000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://support.mozilla.org/products/firefoxgro.allizom.troppus.places.sqlite-wal.4.drfalse
    • URL Reputation: safe
    unknown
    http://mozilla.org/#/properties/branches/anyOf/2/items/properties/ratiofirefox.exe, 00000004.00000003.1958244288.0000020BA2689000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://mozilla.org/#/properties/localizations/anyOf/0/additionalPropertiesfirefox.exe, 00000004.00000003.1958244288.0000020BA2689000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://mozilla.org/#/properties/proposedDurationhttp://mozilla.org/#/properties/referenceBranchfirefox.exe, 00000004.00000003.1958157270.0000020BA2697000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://addons.mozilla.org/firefox.exe, 00000004.00000003.2039493724.0000020BAAF21000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 00000004.00000003.1930434277.0000020BAB3EF000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    http://mozilla.org/#/properties/outcomes/items/properties/priorityfirefox.exe, 00000004.00000003.1958244288.0000020BA2689000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://a9.com/-/spec/opensearch/1.0/firefox.exe, 00000004.00000003.1958372160.0000020BA2667000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2072399347.0000020BA3D90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2045160907.0000020BA3D90000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/itemshttp://mozilla.org/#firefox.exe, 00000004.00000003.1958244288.0000020BA2689000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://monitor.firefox.com/user/dashboardfirefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://monitor.firefox.com/aboutfirefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    http://mozilla.org/MPL/2.0/.firefox.exe, 00000004.00000003.2020070030.0000020BAB8C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2051278414.0000020BA2EBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2035148281.0000020BA963E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2015771215.0000020BA962B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2015057135.0000020BA2EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2033107433.0000020BA966A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2084170747.0000020BA96AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2069708035.0000020BA4A7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2012808297.0000020BA963D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1930434277.0000020BAB3D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2046482379.0000020BA3D58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2021157775.0000020BA95F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2036989054.0000020B9E446000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2033107433.0000020BA9663000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2091439508.0000020BA1A3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2088452327.0000020BA963D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2101912110.0000020BAB373000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2075197556.0000020BA3A25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2031031640.0000020BA9634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000004.00000003.2078374857.0000020BA145F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2020070030.0000020BAB8C8000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://account.bellmedia.cfirefox.exe, 00000004.00000003.2069708035.0000020BA4A7F000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    http://mozilla.org/#/properties/enrollmentEndDatefirefox.exe, 00000004.00000003.1958199617.0000020BA2692000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://login.microsoftonline.comfirefox.exe, 00000004.00000003.2069708035.0000020BA4A7F000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://coverage.mozilla.orgfirefox.exe, 00000006.00000002.4155561425.0000028F876C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.4155101745.0000012C8E570000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.4154865297.000001692AC70000.00000002.10000000.00040000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.4.drfalse
    • URL Reputation: safe
    unknown
    http://mozilla.org/#/properties/branches/anyOf/1/items/properties/featuresfirefox.exe, 00000004.00000003.1958244288.0000020BA2689000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://mozilla.org/#/properties/branches/anyOf/1/itemsTestingfirefox.exe, 00000004.00000003.1958199617.0000020BA2692000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
    34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
    35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
    34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
    143.204.215.115 | services.addons.mozilla.org | United States | 16509 | AMAZON-02US | false
    35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
    142.250.186.110 | youtube-ui.l.google.com | United States | 15169 | GOOGLEUS | false
    35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
    34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
    34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
    IP
    127.0.0.1
    Joe Sandbox version: 40.0.0 Tourmaline
    Analysis ID: 1483423
    Start date and time: 2024-07-27 12:00:07 +02:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 10m 9s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: default.jbs
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed: 12
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Sample name: file.exe
    Detection: MAL
    Classification: mal84.evad.winEXE@19/40@64/11
    EGA Information:
    • Successful, ratio: 40%
    HCA Information: Failed
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Override analysis time to 240s for sample files taking high CPU consumption
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 50.112.139.120, 52.36.33.58, 44.238.205.197, 34.107.243.93, 2.22.61.56, 2.22.61.59, 216.58.206.46, 172.217.18.14, 142.250.185.238, 142.250.186.138, 142.250.186.106
    • Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, autopush.prod.mozaws.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
    • Execution Graph export aborted for target firefox.exe, PID 7644 because there are no executed function
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing behavior information.
    • Report size getting too big, too many NtCreateFile calls found.
    • Report size getting too big, too many NtOpenFile calls found.
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtQueryAttributesFile calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
    Time | Type | Description
    06:01:32 | API Interceptor | 1x Sleep call for process: firefox.exe modified
    06:01:34 | API Interceptor | 13567286x Sleep call for process: file.exe modified
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    34.117.188.166file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
      8NjcvPNvUr.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
        file.exeGet hashmaliciousUnknownBrowse
          file.exeGet hashmaliciousUnknownBrowse
            file.exeGet hashmaliciousUnknownBrowse
              file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                file.exeGet hashmaliciousUnknownBrowse
                  file.exeGet hashmaliciousUnknownBrowse
                    file.exeGet hashmaliciousUnknownBrowse
                      file.exeGet hashmaliciousBabadedaBrowse
                        143.204.215.115file.exeGet hashmaliciousUnknownBrowse
                          file.exeGet hashmaliciousBabadedaBrowse
                            zKXXNr7f2e.exeGet hashmaliciousBabadedaBrowse
                              file.exeGet hashmaliciousBabadedaBrowse
                                file.exeGet hashmaliciousBabadedaBrowse
                                  file.exeGet hashmaliciousBabadedaBrowse
                                    Nin6JE44ky.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                      file.exeGet hashmaliciousUnknownBrowse
                                        file.exeGet hashmaliciousUnknownBrowse
                                          file.exeGet hashmaliciousUnknownBrowse
                                            34.149.100.209file.exeGet hashmaliciousUnknownBrowse
                                              file.exeGet hashmaliciousUnknownBrowse
                                                file.exeGet hashmaliciousUnknownBrowse
                                                  file.exeGet hashmaliciousUnknownBrowse
                                                    file.exeGet hashmaliciousUnknownBrowse
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                        file.exeGet hashmaliciousBabadedaBrowse
                                                          file.exeGet hashmaliciousBabadedaBrowse
                                                            file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                              file.exeGet hashmaliciousBabadedaBrowse
                                                                34.160.144.191file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                  8NjcvPNvUr.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                  file.exeGet hashmaliciousBabadedaBrowse
                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    example.orgfile.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                    • 93.184.215.14
                                                                                    8NjcvPNvUr.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                    • 93.184.215.14
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 93.184.215.14
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 93.184.215.14
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 93.184.215.14
                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                    • 93.184.215.14
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 93.184.215.14
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 93.184.215.14
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 93.184.215.14
                                                                                    file.exeGet hashmaliciousBabadedaBrowse
                                                                                    • 93.184.215.14
                                                                                    services.addons.mozilla.orgfile.exeGet hashmaliciousUnknownBrowse
                                                                                    • 143.204.215.105
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 143.204.215.18
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 143.204.215.18
                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                    • 143.204.215.105
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 143.204.215.115
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 143.204.215.122
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 143.204.215.18
                                                                                    file.exeGet hashmaliciousBabadedaBrowse
                                                                                    • 143.204.215.115
                                                                                    file.exeGet hashmaliciousBabadedaBrowse
                                                                                    • 143.204.215.105
                                                                                    file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                                                    • 18.65.39.112
                                                                                    twitter.comfile.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.244.42.1
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.244.42.65
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.244.42.1
                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                    • 104.244.42.1
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.244.42.193
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.244.42.129
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.244.42.1
                                                                                    star-mini.c10r.facebook.comfile.exeGet hashmaliciousUnknownBrowse
                                                                                    • 157.240.0.35
                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                    • 157.240.0.35
Match    Associated Sample Name / URL    SHA 256    Detection    Threat Name    Link    Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Babadeda    Browse
    file.exe    Get hash    malicious    Babadeda    Browse
    file.exe    Get hash    malicious    Babadeda    Browse
    file.exe    Get hash    malicious    Babadeda, Coinhive, Xmrig    Browse
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Unknown    Browse
    file.exe    Get hash    malicious    Babadeda    Browse
    file.exe    Get hash    malicious    Babadeda    Browse
    file.exe    Get hash    malicious    Babadeda    Browse
    file.exe    Get hash    malicious    Babadeda, Coinhive, Xmrig    Browse
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):7813
                                                                                                                            Entropy (8bit):5.181100110271959
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:QjMXGgzcbhbVbTbfbRbObtbyEl7nEr03JA6WnSrDtTUd/SkDrK:QY7cNhnzFSJkr0eBnSrDhUd/k
                                                                                                                            MD5:5442B7BD2CDC2A57D4F8A7515A70B12C
                                                                                                                            SHA1:FB946F86B71A63A1548DD2580524BC6151DEE668
                                                                                                                            SHA-256:2C81960FD34FF4576FFE5A7F1E52C3FF391311A0D53FA2EA3195DC2D4FA67EF3
                                                                                                                            SHA-512:2A400BC62AE0F384E9610FCA2668A2BCB975A93344E5371EADBAE0651B195B132B568004E06D2C5956D65951A905A2FE0B594536623E4B958A8B736CDCC09B96
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview:{"type":"uninstall","id":"610bfe9f-7e62-46a8-8c71-7fb061771aa6","creationDate":"2024-07-27T12:01:57.836Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 24 bits/pixel
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):490
                                                                                                                            Entropy (8bit):7.246483341090937
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:l8v/7J2T+gwjz+vdzLSMO9mj253UT3BcHXhJo:82CgwS//O91iT3BUXh6
                                                                                                                            MD5:BD9751DFFFEFFA2154CC5913489ED58C
                                                                                                                            SHA1:1C9230053C45CA44883103A6ACFDF49AC53ABF45
                                                                                                                            SHA-256:834C4F18E96CFDAA395246183DE76032F1B77886764CEEBE52F6A146FA4D4C3B
                                                                                                                            SHA-512:01072F60F4B2489BB84639A6179A82A3EA90A31C1AD61D30EF27800C3114DB5E45662583E1C0B5382F51635DC14372EFC71DCD069999D6B21A5D256C70697790
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):32768
                                                                                                                            Entropy (8bit):0.4593089050301797
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                            MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                            SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                            SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                            SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                            Malicious:false
                                                                                                                            Reputation:high, very likely benign file
                                                                                                                            Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):453023
                                                                                                                            Entropy (8bit):7.997718157581587
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                            MD5:85430BAED3398695717B0263807CF97C
                                                                                                                            SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                            SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                            SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                            Malicious:false
                                                                                                                            Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5488
                                                                                                                            Entropy (8bit):3.3126639677126013
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:wdfa+AITIUx2dWoM15/LN8zmBdfa+AIswM+bpoqdWoM15/LFX1Rgmndfa+AI6lVS:wdixUgdwIzWdin6BdwgUdiHadwC1
                                                                                                                            MD5:905924BD3AA935B0D6A8B15E628B1637
                                                                                                                            SHA1:FC91AA2C346B69A137174116228DC5CF7E19C828
                                                                                                                            SHA-256:94D8BA77729453AB80A090B1860026A1BBD143917995B6179268529D86E47F04
                                                                                                                            SHA-512:226A6A53A63E5E3AC322B0D5DF26FF8C54FEBAD40E15220ABB4DB4010502FE46217223433A0084C59CCCE626D3B7FF00724D6E41EC31D3D03525960F75154695
                                                                                                                            Malicious:false
                                                                                                                            Preview:...................................FL..................F.@.. ...p......................S...........................P.O. .:i.....+00.../C:\.....................1.....DW.V..PROGRA~1..t......O.I.X*P....B...............J.....i...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.X*P............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.X*P..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z...........h........C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):3621
                                                                                                                            Entropy (8bit):4.928299809120932
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:8S+OfJQPUFpOdwNIOdYVjvYcXaNL8OW8P:8S+OBIUjOdwiOdYVjjwLBW8P
                                                                                                                            MD5:FF83318A4F9BADF6E1EEA28A4AFC06F6
                                                                                                                            SHA1:A6A3C79B53F5BBD6FD40770B7AE58B2F998BCB3C
                                                                                                                            SHA-256:BC7859050BD9CE963D67784D6FD3058FD85FF14AC3FC605DCB738C4F2417308D
                                                                                                                            SHA-512:2054D491E340BAA749922CD54FD9FB9C4AB6ADCD1F9936070CE8BADC09398681924AFB6E359BAE137C5EA2E4C281214F2A80D8A333E995EDA44821F933C6A070
                                                                                                                            Malicious:false
                                                                                                                            Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5312
                                                                                                                            Entropy (8bit):6.615424734763731
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                            MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                            SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                            SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                            SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                            Malicious:false
                                                                                                                            Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):24
                                                                                                                            Entropy (8bit):3.91829583405449
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                            MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                            SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                            SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                            SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                            Malicious:false
                                                                                                                            Preview:{"schema":6,"addons":[]}
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):262144
                                                                                                                            Entropy (8bit):0.04905391753567332
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                                                                                                            MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                                                                                                            SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                                                                                                            SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                                                                                                            SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                                                                                                            Malicious:false
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):66
                                                                                                                            Entropy (8bit):4.837595020998689
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                            MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                            SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                            SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                            SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                            Malicious:false
                                                                                                                            Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):66
                                                                                                                            Entropy (8bit):4.837595020998689
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                            MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                            SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                            SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                            SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                            Malicious:false
                                                                                                                            Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):36830
                                                                                                                            Entropy (8bit):5.185924656884556
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                            MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                            SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                            SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                            SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                            Malicious:false
                                                                                                                            Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):36830
                                                                                                                            Entropy (8bit):5.185924656884556
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                            MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                            SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                            SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                            SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                            Malicious:false
                                                                                                                            Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):32768
                                                                                                                            Entropy (8bit):0.017262956703125623
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                            Malicious:false
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1021904
                                                                                                                            Entropy (8bit):6.648417932394748
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                            MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                            SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                            SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                            SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1021904
                                                                                                                            Entropy (8bit):6.648417932394748
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                            MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                            SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                            SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                            SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):116
                                                                                                                            Entropy (8bit):4.968220104601006
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                            MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                            SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                            SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                            SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                            Malicious:false
                                                                                                                            Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):116
                                                                                                                            Entropy (8bit):4.968220104601006
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                            MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                            SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                            SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                            SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                            Malicious:false
                                                                                                                            Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):32768
                                                                                                                            Entropy (8bit):0.038809065359681434
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:GHlhVbBFfLoVjPPlhVbBFfLoVjLl8a9//Ylll4llqlyllel4lt:G7VnLoVjPDVnLoVjRL9XIwlio
                                                                                                                            MD5:F70F02B69FA01DD62A9ECAB28B4614A3
                                                                                                                            SHA1:013AB94B2DAED7F6E848A9351CC7B48CC3F63B8E
                                                                                                                            SHA-256:684060093F9FE0A57802A07AC9A33185266B92BB242F555CFCC878E12DF654D8
                                                                                                                            SHA-512:80907FCA037D4DA720D7D3C385A1B3FFE106F96F8B0DE9BBAC1D1EB1F1A0E9424EBFB66759361868258C6939E884F0255FA229E449BF33AC472BE008900DC86F
                                                                                                                            Malicious:false
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):163992
                                                                                                                            Entropy (8bit):0.11780240269250941
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:KCQYfkvZdLxsZ+M+jxsMltTAUCF2QWUCZ7CCQE/TKCbCMxsax0+wlN1VZ2i7+:TQYMvZjQFMJtUnWdU+RVx0/HjZk
                                                                                                                            MD5:9782C6EC910BEBDC86E6DD962B5B0F6E
                                                                                                                            SHA1:CED3B8E2DF3D71E52B18F697804F4564AB5A16BD
                                                                                                                            SHA-256:893EEAD457ACF234731BB07C6C9491B56682766F600F76E2F6FF968C18B7E4A3
                                                                                                                            SHA-512:BA07A273F6F1200B287093E5A3AC46F9823E5A3B370C1D13727A69B4F0EC3CEA433D862A9837A75258F20156659E0E9AF43C9E9EE7F317930BC4E6B468E33CEC
                                                                                                                            Malicious:false
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):13254
                                                                                                                            Entropy (8bit):5.493518105072594
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:hnaRtLYbBp6mhj4qyaaX+6KXQNhZ5RfGNBw8dCSl:se0q2ggrcwR0
                                                                                                                            MD5:3C39547CB105A21EBFCB173FE9FFDE80
                                                                                                                            SHA1:65FA0F3E046EEA166AE0F6CAD3AE109F4733EF8F
                                                                                                                            SHA-256:7411B746EF1559D383D548AC7C5C47CFFD086449FC693276BE1AE64FE63F17E6
                                                                                                                            SHA-512:F8AAB955D30476D4F7F3ECB7D130300240E7BB31751F003BC8CCD8B30A57425EB3510BF0E4E1DA6C33CC4A87A45DF8DEAF5E9CB05E57B7184CC269EEF7BD6FB8
                                                                                                                            Malicious:false
                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1722081688);..user_pref("app.update.lastUpdateTime.background-update-timer", 1722081688);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1722081688);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172208
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):13254
                                                                                                                            Entropy (8bit):5.493518105072594
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:hnaRtLYbBp6mhj4qyaaX+6KXQNhZ5RfGNBw8dCSl:se0q2ggrcwR0
                                                                                                                            MD5:3C39547CB105A21EBFCB173FE9FFDE80
                                                                                                                            SHA1:65FA0F3E046EEA166AE0F6CAD3AE109F4733EF8F
                                                                                                                            SHA-256:7411B746EF1559D383D548AC7C5C47CFFD086449FC693276BE1AE64FE63F17E6
                                                                                                                            SHA-512:F8AAB955D30476D4F7F3ECB7D130300240E7BB31751F003BC8CCD8B30A57425EB3510BF0E4E1DA6C33CC4A87A45DF8DEAF5E9CB05E57B7184CC269EEF7BD6FB8
                                                                                                                            Malicious:false
                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1722081688);..user_pref("app.update.lastUpdateTime.background-update-timer", 1722081688);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1722081688);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172208
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):65536
                                                                                                                            Entropy (8bit):0.04062825861060003
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                                                                                            MD5:18F65713B07CB441E6A98655B726D098
                                                                                                                            SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                                                                                            SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                                                                                            SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                                                                                            Malicious:false
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):493
                                                                                                                            Entropy (8bit):4.9519237677601415
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:YZFglIzSAH6ppIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YT+AHESlCOlZGV1AQIWZcy6Z2d
                                                                                                                            MD5:25A6D71B6A51AE88FB10A5BF69C34817
                                                                                                                            SHA1:B7A915F855C46EF243F5E2404D9F7B25A00F695F
                                                                                                                            SHA-256:1257504E12F59A4204C8142D368EEA48D1D8932070B4366BE1CD7D812877B40C
                                                                                                                            SHA-512:3969C4F0A286E6BB3360CDB24D118EC0DA0B7BABAC3EE0B01B88556991D55573319486FEDB494B6D8C5451642F2BDF58BCBDAEC37A3BA9A61F98F2608F585E1C
                                                                                                                            Malicious:false
                                                                                                                            Preview:{"type":"health","id":"08189688-e817-407b-a4e7-e014f81f19e0","creationDate":"2024-07-27T12:01:58.313Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):493
                                                                                                                            Entropy (8bit):4.9519237677601415
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:YZFglIzSAH6ppIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YT+AHESlCOlZGV1AQIWZcy6Z2d
                                                                                                                            MD5:25A6D71B6A51AE88FB10A5BF69C34817
                                                                                                                            SHA1:B7A915F855C46EF243F5E2404D9F7B25A00F695F
                                                                                                                            SHA-256:1257504E12F59A4204C8142D368EEA48D1D8932070B4366BE1CD7D812877B40C
                                                                                                                            SHA-512:3969C4F0A286E6BB3360CDB24D118EC0DA0B7BABAC3EE0B01B88556991D55573319486FEDB494B6D8C5451642F2BDF58BCBDAEC37A3BA9A61F98F2608F585E1C
                                                                                                                            Malicious:false
                                                                                                                            Preview:{"type":"health","id":"08189688-e817-407b-a4e7-e014f81f19e0","creationDate":"2024-07-27T12:01:58.313Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):90
                                                                                                                            Entropy (8bit):4.194538242412464
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                            MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                            SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                            SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                            SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                            Malicious:false
                                                                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):90
                                                                                                                            Entropy (8bit):4.194538242412464
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                            MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                            SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                            SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                            SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                            Malicious:false
                                                                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:Mozilla lz4 compressed data, originally 5764 bytes
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1527
                                                                                                                            Entropy (8bit):6.3148584570482775
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:vSSUGLo3LXreU7yQ1TUn1/T5sCI2uZHVQj6jFrsmILhWjy9p/vx+mNrr0aDge4:Kp4Y/eU7yJfEH5rrIOecuR4
                                                                                                                            MD5:1D7C07BC53A2F33475A9F9DA312E64D0
                                                                                                                            SHA1:48B7A12B32F6062CDE639056E9215C278FC2F288
                                                                                                                            SHA-256:5A8373FA90829522CF5FB90C3C886620F4D1621EFD4076301A91724DD195D1E2
                                                                                                                            SHA-512:686F0FF2172A0F09C537F36C536613341B4991C246EE8A0A16BCCB993CE7196A2269059DED4441617D862895E9A71F1895C353F95BF5D32CC796600B896C81EA
                                                                                                                            Malicious:false
                                                                                                                            Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://www.youtube.com/account","title*....cacheKey":0,"ID":6,"docshellUU...D"{17a4f0a7-bda3-4ad6-ab2a-d0db945520b2}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1722081875200,"hiddey..searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imagu...chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..aGroupC...:-1,"busy...t...Flags":2167541758S...dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...W...l...........:..?.1":{..jUpdate.....vtartTim..`657759...centCrash..B0},".....Dcooku. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,..Donly..eexpiry....669249,"originA...."firstPartyDomain":"","geckoViewS........
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:Mozilla lz4 compressed data, originally 5764 bytes
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1527
                                                                                                                            Entropy (8bit):6.3148584570482775
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:vSSUGLo3LXreU7yQ1TUn1/T5sCI2uZHVQj6jFrsmILhWjy9p/vx+mNrr0aDge4:Kp4Y/eU7yJfEH5rrIOecuR4
                                                                                                                            MD5:1D7C07BC53A2F33475A9F9DA312E64D0
                                                                                                                            SHA1:48B7A12B32F6062CDE639056E9215C278FC2F288
                                                                                                                            SHA-256:5A8373FA90829522CF5FB90C3C886620F4D1621EFD4076301A91724DD195D1E2
                                                                                                                            SHA-512:686F0FF2172A0F09C537F36C536613341B4991C246EE8A0A16BCCB993CE7196A2269059DED4441617D862895E9A71F1895C353F95BF5D32CC796600B896C81EA
                                                                                                                            Malicious:false
                                                                                                                            Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://www.youtube.com/account","title*....cacheKey":0,"ID":6,"docshellUU...D"{17a4f0a7-bda3-4ad6-ab2a-d0db945520b2}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1722081875200,"hiddey..searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imagu...chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..aGroupC...:-1,"busy...t...Flags":2167541758S...dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...W...l...........:..?.1":{..jUpdate.....vtartTim..`657759...centCrash..B0},".....Dcooku. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,..Donly..eexpiry....669249,"originA...."firstPartyDomain":"","geckoViewS........
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:Mozilla lz4 compressed data, originally 5764 bytes
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):1527
                                                                                                                            Entropy (8bit):6.3148584570482775
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:vSSUGLo3LXreU7yQ1TUn1/T5sCI2uZHVQj6jFrsmILhWjy9p/vx+mNrr0aDge4:Kp4Y/eU7yJfEH5rrIOecuR4
                                                                                                                            MD5:1D7C07BC53A2F33475A9F9DA312E64D0
                                                                                                                            SHA1:48B7A12B32F6062CDE639056E9215C278FC2F288
                                                                                                                            SHA-256:5A8373FA90829522CF5FB90C3C886620F4D1621EFD4076301A91724DD195D1E2
                                                                                                                            SHA-512:686F0FF2172A0F09C537F36C536613341B4991C246EE8A0A16BCCB993CE7196A2269059DED4441617D862895E9A71F1895C353F95BF5D32CC796600B896C81EA
                                                                                                                            Malicious:false
                                                                                                                            Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://www.youtube.com/account","title*....cacheKey":0,"ID":6,"docshellUU...D"{17a4f0a7-bda3-4ad6-ab2a-d0db945520b2}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1722081875200,"hiddey..searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imagu...chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..aGroupC...:-1,"busy...t...Flags":2167541758S...dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...W...l...........:..?.1":{..jUpdate.....vtartTim..`657759...centCrash..B0},".....Dcooku. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,..Donly..eexpiry....669249,"originA...."firstPartyDomain":"","geckoViewS........
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):4096
                                                                                                                            Entropy (8bit):2.0836444556178684
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                            MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                            SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                            SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                            SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                            Malicious:false
                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):4537
                                                                                                                            Entropy (8bit):5.033381737432951
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:YrSAY9J6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyk:yc7yTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                            MD5:7577D46FB7C94C0035FD9BD18043BB0A
                                                                                                                            SHA1:32FC539F834EA6379C9D66EE1C87596D882C05B2
                                                                                                                            SHA-256:4780791BFE5B27C3CBEF4DAC283FFDA7722D14D32CAFC400ECCBDFC1D274A5AC
                                                                                                                            SHA-512:E3056C3805C3916AE1869FEE6232A041849A964B44153BEEA477AD7CEB28252E945D3A8FB8A31E707E08D76D590E6AC30BF70DD58A269880F2765029ED40EB78
                                                                                                                            Malicious:false
                                                                                                                            Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-07-27T12:01:17.350Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Entropy (8bit):7.9839216559661494
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                            File name:file.exe
                                                                                                                            File size:3'206'656 bytes
                                                                                                                            MD5:b078d31fc894b91a32e1c40c596fe1ec
                                                                                                                            SHA1:ed490245f51c3b2fad83e2eb22ad48d5260a8ad8
                                                                                                                            SHA256:3188153b52c7148bf97d29e8d0447b1d50ddbde7d0ac56005e2b758dab432030
                                                                                                                            SHA512:a9977635a3fc7484b649b2c4a0bbc7bddfec2cbfaa9c3f70ceb88cb1328fd5b837fd4a312ce21493dfe1b8914e5af60526ad3f17d60961dce84977351971d1bc
                                                                                                                            SSDEEP:49152:d69dZEfDc80QxDi9jKiYTSq8tC9qpYwueEMQNFQ2zPqd0f0l6Fo8JCKk:mdZeZDi9Gi3Yq+WyNFBzPqi8lAzCKk
                                                                                                                            TLSH:83E5330B1F965962E243B3F7DC311A600868B570D838CF1F86FBEDAD7061641DC6AB66
                                                                                                                            File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                            Icon Hash:aaf3e3e3938382a0
                                                                                                                            Entrypoint:0xedef28
                                                                                                                            Entrypoint Section:.data
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x66A4BC95 [Sat Jul 27 09:23:33 2024 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:5
                                                                                                                            OS Version Minor:1
                                                                                                                            File Version Major:5
                                                                                                                            File Version Minor:1
                                                                                                                            Subsystem Version Major:5
                                                                                                                            Subsystem Version Minor:1
                                                                                                                            Import Hash:575f114892de1c92166348318b11cdb5
                                                                                                                            Instruction
                                                                                                                            jmp 00007F8080C066FAh
                                                                                                                            add byte ptr [eax], cl
                                                                                                                            sldt word ptr [eax]
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax-18h], ah
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            pop ebp
                                                                                                                            sub ebp, 00000010h
                                                                                                                            sub ebp, 00ADEF28h
                                                                                                                            jmp 00007F8080C066F9h
                                                                                                                            mov esp, B8C8F7BAh
                                                                                                                            sub bh, ch
                                                                                                                            lodsd
                                                                                                                            add byte ptr [ebx], al
                                                                                                                            lds eax, fword ptr [ecx+00004CC0h]
                                                                                                                            add byte ptr [ecx+000005A7h], bh
                                                                                                                            mov edx, 8DF8487Ah
                                                                                                                            xor byte ptr [eax], dl
                                                                                                                            inc eax
                                                                                                                            dec ecx
                                                                                                                            jne 00007F8080C066ECh
                                                                                                                            jmp 00007F8080C066F9h
                                                                                                                            retf
                                                                                                                            arpl word ptr [edx+1Dh], si
                                                                                                                            int1
                                                                                                                            mov bh, F1h
                                                                                                                            inc esi
                                                                                                                            jp 00007F8080C0676Ch
                                                                                                                            jp 00007F8080C066EDh
                                                                                                                            mov ebx, 7A7A7A82h
                                                                                                                            jns 00007F8080C066A9h
                                                                                                                            retn 7A7Ch
                                                                                                                            jp 00007F8080C0676Ch
                                                                                                                            rcl byte ptr [edx+7Ah], 0000007Ah
                                                                                                                            jp 00007F8080C0667Fh
                                                                                                                            cwde
                                                                                                                            jns 00007F8080C066A4h
                                                                                                                            int1
                                                                                                                            sti
                                                                                                                            jbe 00007F8080C0676Ch
                                                                                                                            jp 00007F8080C0676Ch
                                                                                                                            jns 00007F8080C066B1h
                                                                                                                            sub dh, bh
                                                                                                                            push ds
                                                                                                                            pop esi
                                                                                                                            xchg bl, dh
                                                                                                                            jle 00007F8080C06750h
                                                                                                                            adc ah, dh
                                                                                                                            jnle 00007F8080C0674Dh
                                                                                                                            jp 00007F8080C06704h
                                                                                                                            xchg eax, ebx
                                                                                                                            idiv byte ptr [edx+7Bh]
                                                                                                                            push esi
                                                                                                                            pop esi
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x8c5050 | 0xe9b | .data
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8c5eec | 0x44c | .data
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x12d000 | 0x8ce8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8c5030 | 0x10 | .data
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x8c5000 | 0x18 | .data
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x9b000 | 0x50000 | d9fdbdb4e93f0003eaa8148c68b3a57d | False | 1.0002166748046875 | data | 7.999455501205013 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x9c000 | 0x30000 | 0xf200 | bbeb90a76c57ef94ae7971407a407ed9 | False | 0.9943181818181818 | data | 7.9916241651821105 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0xcc000 | 0x8000 | 0x400 | 028ce412f94e7aa7e49c77843871a191 | False | 0.767578125 | data | 6.377518090537521 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0xd4000 | 0x51000 | 0x4f600 | 083050ebdcc060af9bf5c6eb83a28a55 | False | 0.9993479330708661 | data | 7.999159860330949 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x125000 | 0x8000 | 0x6200 | c07d2fcbf3a30baec1e545ab7defeb0e | False | 0.9845344387755102 | data | 7.965597778388454 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x12d000 | 0x9000 | 0x8e00 | 4f9f99a967079ecba96cc7edf0ff5e73 | False | 0.2367957746478873 | data | 4.860020988129281 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
 | 0x136000 | 0x78c000 | 0x32800 | aa772234df9342cf7a1b387c7c4e21e5 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data | 0x8c2000 | 0x21f000 | 0x21e600 | 6b28365d474e2d91ce9dff6e82c5db3e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x12d5a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0x12d6d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0x12d7f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0x12d920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0x12dc08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0x12dd30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0x12ebd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0x12f480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0x12f9e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0x131f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0x133038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 1.1375
RT_STRING | 0x1334a0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0x133a34 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0x1340c0 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0x134550 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0x134b4c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0x1351a8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0x135610 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x47d82 | data | | | 0.9992354740061162
RT_GROUP_ICON | 0x135768 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x1357e0 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x1357f4 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x135808 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x13581c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x1358f8 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823

DLL | Import
kernel32.dll | GetModuleHandleA, GetProcAddress, ExitProcess, LoadLibraryA
user32.dll | MessageBoxA
advapi32.dll | RegCloseKey
oleaut32.dll | SysFreeString
gdi32.dll | CreateFontA
shell32.dll | ShellExecuteA
version.dll | GetFileVersionInfoA
WSOCK32.dll | gethostbyname
WINMM.dll | timeGetTime
COMCTL32.dll | ImageList_ReplaceIcon
MPR.dll | WNetGetConnectionW
WININET.dll | HttpOpenRequestW
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho
USERENV.dll | DestroyEnvironmentBlock
UxTheme.dll | IsThemeActive
COMDLG32.dll | GetSaveFileNameW
ole32.dll | CoTaskMemAlloc

Language of compilation system | Country where language is spoken | Map
English | Great Britain |

Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-27T12:01:22.226295+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49730 | 40.127.169.103 | 192.168.2.4
2024-07-27T12:02:01.102871+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49784 | 40.127.169.103 | 192.168.2.4

                                                                                                                            Jul 27, 2024 12:01:27.115492105 CEST44349749142.250.186.110192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.116080999 CEST49749443192.168.2.4142.250.186.110
                                                                                                                            Jul 27, 2024 12:01:27.118781090 CEST49749443192.168.2.4142.250.186.110
                                                                                                                            Jul 27, 2024 12:01:27.118781090 CEST49749443192.168.2.4142.250.186.110
                                                                                                                            Jul 27, 2024 12:01:27.118791103 CEST44349749142.250.186.110192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.119055986 CEST44349749142.250.186.110192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.121516943 CEST49749443192.168.2.4142.250.186.110
                                                                                                                            Jul 27, 2024 12:01:27.194027901 CEST49755443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.194060087 CEST4434975534.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.194504023 CEST49755443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.194652081 CEST49755443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.194672108 CEST4434975534.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.268932104 CEST804975134.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.294354916 CEST4434975034.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.294529915 CEST49750443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.298897028 CEST49750443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.298907995 CEST4434975034.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.299000978 CEST49750443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.299185991 CEST4434975034.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.299348116 CEST49756443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.299374104 CEST4434975634.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.299423933 CEST49750443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.299583912 CEST49756443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.300712109 CEST49756443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.300726891 CEST4434975634.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.310663939 CEST4975180192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:27.421438932 CEST4434975234.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.423820019 CEST49752443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.427581072 CEST49752443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.427588940 CEST4434975234.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.427870989 CEST4434975234.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.427875042 CEST49752443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.427889109 CEST4434975234.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.428211927 CEST49757443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.428240061 CEST4434975734.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.428953886 CEST49757443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.430217981 CEST49757443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.430238962 CEST4434975734.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.502571106 CEST4434975435.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.508102894 CEST49754443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:27.510637045 CEST49754443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:27.510662079 CEST4434975435.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.511037111 CEST4434975435.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.512572050 CEST49754443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:27.512644053 CEST49754443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:27.512773991 CEST4434975435.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.512923002 CEST49754443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:27.632596016 CEST4434975234.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.636322021 CEST49752443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.690787077 CEST4434975534.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.690916061 CEST49755443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.693847895 CEST49755443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.693854094 CEST4434975534.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.694250107 CEST4434975534.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.696508884 CEST49755443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.696508884 CEST49755443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.696708918 CEST49758443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.696710110 CEST4434975534.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.696736097 CEST4434975834.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.696854115 CEST49755443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.696854115 CEST49758443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.696940899 CEST49758443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:27.696945906 CEST4434975834.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.761614084 CEST4434975634.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.762002945 CEST49756443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.770230055 CEST49756443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.770255089 CEST4434975634.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.770296097 CEST49756443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.770513058 CEST4434975634.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.770713091 CEST49756443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.784907103 CEST4975180192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:27.784907103 CEST4974680192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:27.790364027 CEST804975134.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.791064978 CEST804974634.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.792866945 CEST4975180192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:27.792936087 CEST4974680192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:27.903652906 CEST4434975734.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.908500910 CEST4434975734.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.912472010 CEST49757443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.918163061 CEST49757443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.918163061 CEST49757443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:27.918175936 CEST4434975734.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.918622971 CEST4434975734.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:27.928065062 CEST49757443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.176366091 CEST4434975834.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.176556110 CEST49758443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:28.179534912 CEST49758443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:28.179544926 CEST4434975834.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.180362940 CEST4434975834.160.144.191192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.181590080 CEST49758443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:28.181790113 CEST49758443192.168.2.434.160.144.191
                                                                                                                            Jul 27, 2024 12:01:28.269247055 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:28.274245977 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.280338049 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:28.280447006 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:28.285346031 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.353739023 CEST49760443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.353775978 CEST4434976034.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.356563091 CEST49760443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.357848883 CEST49760443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.357865095 CEST4434976034.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.728187084 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.783303976 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:28.852237940 CEST4434976034.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.852334976 CEST49760443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.865228891 CEST49760443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.865246058 CEST4434976034.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.865339041 CEST49760443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.865653992 CEST4434976034.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.865727901 CEST49760443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.865756989 CEST49761443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.865792036 CEST4434976134.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:28.865906954 CEST49761443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.867342949 CEST49761443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:28.867352962 CEST4434976134.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:29.262057066 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:29.266972065 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:29.268624067 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:29.268729925 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:29.273484945 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:29.333868027 CEST4434976134.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:29.338176966 CEST49761443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:29.341952085 CEST49761443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:29.341952085 CEST49761443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:29.341967106 CEST4434976134.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:29.342101097 CEST4434976134.117.188.166192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:29.342209101 CEST49761443192.168.2.434.117.188.166
                                                                                                                            Jul 27, 2024 12:01:29.734808922 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:29.786158085 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:29.987092018 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:29.987159967 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:32.650717020 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:32.655610085 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:32.745239973 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:32.812618971 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:32.909082890 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:32.914213896 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:33.005661964 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:33.060058117 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:36.759735107 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:36.765820026 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:36.768018007 CEST49765443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:01:36.768053055 CEST4434976534.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:36.768502951 CEST49765443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:01:52.141217947 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.142685890 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.147049904 CEST49778443192.168.2.434.149.100.209
                                                                                                                            Jul 27, 2024 12:01:52.147082090 CEST4434977834.149.100.209192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.147147894 CEST49778443192.168.2.434.149.100.209
                                                                                                                            Jul 27, 2024 12:01:52.147212982 CEST49778443192.168.2.434.149.100.209
                                                                                                                            Jul 27, 2024 12:01:52.147217989 CEST4434977834.149.100.209192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.147259951 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.268985987 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.269011021 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.271508932 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.276738882 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.311070919 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.368923903 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.380373955 CEST44349776143.204.215.115192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.380570889 CEST49776443192.168.2.4143.204.215.115
                                                                                                                            Jul 27, 2024 12:01:52.382947922 CEST49776443192.168.2.4143.204.215.115
                                                                                                                            Jul 27, 2024 12:01:52.382977009 CEST44349776143.204.215.115192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.383377075 CEST44349776143.204.215.115192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.384788036 CEST49776443192.168.2.4143.204.215.115
                                                                                                                            Jul 27, 2024 12:01:52.384859085 CEST49776443192.168.2.4143.204.215.115
                                                                                                                            Jul 27, 2024 12:01:52.385068893 CEST44349776143.204.215.115192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.389260054 CEST49776443192.168.2.4143.204.215.115
                                                                                                                            Jul 27, 2024 12:01:52.389260054 CEST49776443192.168.2.4143.204.215.115
                                                                                                                            Jul 27, 2024 12:01:52.398983002 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.403889894 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.404014111 CEST49779443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.404056072 CEST4434977935.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.404216051 CEST49780443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.404242039 CEST4434978035.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.404320955 CEST49781443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.404330969 CEST4434978135.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.404412031 CEST49779443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.404496908 CEST49780443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.404500961 CEST49779443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.404509068 CEST4434977935.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.404582977 CEST49780443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.404587984 CEST4434978035.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.404711008 CEST49781443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.404829025 CEST49781443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.404835939 CEST4434978135.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.411369085 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.493911028 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.495953083 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.502573013 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.542884111 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.593903065 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.643176079 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.677500010 CEST4434977834.149.100.209192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.680413008 CEST49778443192.168.2.434.149.100.209
                                                                                                                            Jul 27, 2024 12:01:52.683119059 CEST49778443192.168.2.434.149.100.209
                                                                                                                            Jul 27, 2024 12:01:52.683130980 CEST4434977834.149.100.209192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.683451891 CEST4434977834.149.100.209192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.684935093 CEST49778443192.168.2.434.149.100.209
                                                                                                                            Jul 27, 2024 12:01:52.685029030 CEST49778443192.168.2.434.149.100.209
                                                                                                                            Jul 27, 2024 12:01:52.685245991 CEST4434977834.149.100.209192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.685301065 CEST49778443192.168.2.434.149.100.209
                                                                                                                            Jul 27, 2024 12:01:52.687777042 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.692941904 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.783092022 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.791018009 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.796248913 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.828150034 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.874510050 CEST4434977935.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.874659061 CEST49779443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.874846935 CEST4434978135.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.874977112 CEST49781443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.875242949 CEST4434978035.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.875317097 CEST49780443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.877226114 CEST49779443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.877239943 CEST4434977935.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.877629042 CEST4434977935.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.879348040 CEST49781443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.879369974 CEST4434978135.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.879686117 CEST4434978135.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.881469965 CEST49780443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.881488085 CEST4434978035.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.881844044 CEST4434978035.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.884893894 CEST49779443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.885093927 CEST49779443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.885245085 CEST49781443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.885266066 CEST4434977935.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.885283947 CEST49781443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.885581017 CEST49780443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.885615110 CEST4434978135.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.885636091 CEST49780443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.885817051 CEST49779443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.885834932 CEST49781443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.886029005 CEST4434978035.244.181.201192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.886593103 CEST49780443192.168.2.435.244.181.201
                                                                                                                            Jul 27, 2024 12:01:52.887798071 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.890186071 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.895169020 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.944035053 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:52.989578962 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:52.992036104 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:53.008759975 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:53.044423103 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:53.098490953 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:53.144601107 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:56.001863956 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:56.006933928 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:56.097899914 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:56.099972963 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:56.105700970 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:56.153310061 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:01:56.196455956 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:01:56.237812042 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:02:06.107892036 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:02:06.114543915 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:06.208134890 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:02:06.214569092 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:16.272938967 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:02:16.292849064 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:02:16.651190042 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:16.651238918 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:17.138490915 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:02:17.143743038 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:17.233772039 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:17.236507893 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:02:17.241831064 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:17.340641022 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:17.362003088 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:02:17.400782108 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:02:21.544485092 CEST49786443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:02:21.544478893 CEST49787443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:02:21.544569016 CEST4434978634.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:21.544569969 CEST4434978734.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:21.546555996 CEST49788443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:02:21.546581030 CEST4434978834.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:21.557070017 CEST49787443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:02:21.557071924 CEST49786443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:02:21.557332993 CEST49787443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:02:21.557336092 CEST49786443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:02:21.557354927 CEST4434978734.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:21.557375908 CEST4434978634.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:21.557631969 CEST49788443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:02:21.557735920 CEST49788443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:02:21.557756901 CEST4434978834.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:22.041538954 CEST4434978734.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:22.041573048 CEST4434978734.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:22.041951895 CEST49787443192.168.2.434.120.208.123
                                                                                                                            Jul 27, 2024 12:02:22.042227983 CEST4434978834.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:02:22.042260885 CEST4434978834.120.208.123192.168.2.4
                                                                                                                            Jul 27, 2024 12:05:33.028292894 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:05:33.033814907 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:05:33.090630054 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:05:33.096437931 CEST804975934.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:05:43.056432962 CEST4976280192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:05:43.061748981 CEST804976234.107.221.82192.168.2.4
                                                                                                                            Jul 27, 2024 12:05:43.103324890 CEST4975980192.168.2.434.107.221.82
                                                                                                                            Jul 27, 2024 12:05:43.108633041 CEST804975934.107.221.82192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class    DNS over HTTPS
                                                                                                                            Jul 27, 2024 12:01:36.777362108 CEST192.168.2.41.1.1.10x5410Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:36.969461918 CEST192.168.2.41.1.1.10xfc8Standard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:36.993108034 CEST192.168.2.41.1.1.10x7910Standard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:36.997406960 CEST192.168.2.41.1.1.10x556fStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:37.010633945 CEST192.168.2.41.1.1.10xff15Standard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.668814898 CEST192.168.2.41.1.1.10x9e38Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.865160942 CEST192.168.2.41.1.1.10xda03Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.865333080 CEST192.168.2.41.1.1.10x74f9Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.865715981 CEST192.168.2.41.1.1.10x72Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.874345064 CEST192.168.2.41.1.1.10x98bbStandard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.874499083 CEST192.168.2.41.1.1.10x5564Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.874799967 CEST192.168.2.41.1.1.10xeb6bStandard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.881975889 CEST192.168.2.41.1.1.10x8804Standard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.882780075 CEST192.168.2.41.1.1.10xc03cStandard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.883317947 CEST192.168.2.41.1.1.10x757cStandard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.889528990 CEST192.168.2.41.1.1.10x819Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.898055077 CEST192.168.2.41.1.1.10x1764Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.907284975 CEST192.168.2.41.1.1.10x335eStandard query (0)twitter.com28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.532254934 CEST192.168.2.41.1.1.10x8e9eStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.543019056 CEST192.168.2.41.1.1.10x8f35Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.591192007 CEST192.168.2.41.1.1.10x7f03Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.596743107 CEST192.168.2.41.1.1.10x3596Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.601083040 CEST192.168.2.41.1.1.10x5041Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.605528116 CEST192.168.2.41.1.1.10x8d57Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.617332935 CEST192.168.2.41.1.1.10x4b25Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.625158072 CEST192.168.2.41.1.1.10x20d0Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:16.190888882 CEST192.168.2.41.1.1.10xc956Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:17.138696909 CEST192.168.2.41.1.1.10x3b64Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:21.564897060 CEST192.168.2.41.1.1.10x54c8Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:57.289053917 CEST192.168.2.41.1.1.10x1c0aStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:57.804869890 CEST192.168.2.41.1.1.10xaf6Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:04:18.090763092 CEST192.168.2.41.1.1.10x7b7dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:04:18.108530045 CEST192.168.2.41.1.1.10x5bdaStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:04:18.656280994 CEST192.168.2.41.1.1.10xf81aStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:04:22.085998058 CEST192.168.2.41.1.1.10x3e57Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                            Jul 27, 2024 12:01:44.873677969 CEST1.1.1.1192.168.2.40x72No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.873677969 CEST1.1.1.1192.168.2.40x72No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.873677969 CEST1.1.1.1192.168.2.40x72No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.881289005 CEST1.1.1.1192.168.2.40x98bbNo error (0)star-mini.c10r.facebook.com157.240.253.35A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.882314920 CEST1.1.1.1192.168.2.40xeb6bNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.882314920 CEST1.1.1.1192.168.2.40xeb6bNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.882314920 CEST1.1.1.1192.168.2.40xeb6bNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.882314920 CEST1.1.1.1192.168.2.40xeb6bNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.882810116 CEST1.1.1.1192.168.2.40x5564No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.888983965 CEST1.1.1.1192.168.2.40x8804No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.892995119 CEST1.1.1.1192.168.2.40x757cNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.897140026 CEST1.1.1.1192.168.2.40x819No error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:44.905002117 CEST1.1.1.1192.168.2.40x1764No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.542485952 CEST1.1.1.1192.168.2.40x8e9eNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.599281073 CEST1.1.1.1192.168.2.40x7f03No error (0)services.addons.mozilla.org143.204.215.115A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.599281073 CEST1.1.1.1192.168.2.40x7f03No error (0)services.addons.mozilla.org143.204.215.18A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.599281073 CEST1.1.1.1192.168.2.40x7f03No error (0)services.addons.mozilla.org143.204.215.105A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.599281073 CEST1.1.1.1192.168.2.40x7f03No error (0)services.addons.mozilla.org143.204.215.122A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.604538918 CEST1.1.1.1192.168.2.40x3596No error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.604538918 CEST1.1.1.1192.168.2.40x3596No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.614111900 CEST1.1.1.1192.168.2.40x5041No error (0)services.addons.mozilla.org143.204.215.18A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.614111900 CEST1.1.1.1192.168.2.40x5041No error (0)services.addons.mozilla.org143.204.215.122A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.614111900 CEST1.1.1.1192.168.2.40x5041No error (0)services.addons.mozilla.org143.204.215.115A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.614111900 CEST1.1.1.1192.168.2.40x5041No error (0)services.addons.mozilla.org143.204.215.105A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:51.620130062 CEST1.1.1.1192.168.2.40x8d57No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:52.403372049 CEST1.1.1.1192.168.2.40xfe0aNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:52.403372049 CEST1.1.1.1192.168.2.40xfe0aNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:52.904835939 CEST1.1.1.1192.168.2.40x1943No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:01:52.904835939 CEST1.1.1.1192.168.2.40x1943No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:16.651256084 CEST1.1.1.1192.168.2.40xc956No error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:17.145889997 CEST1.1.1.1192.168.2.40x3b64No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:17.145889997 CEST1.1.1.1192.168.2.40x3b64No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:21.561031103 CEST1.1.1.1192.168.2.40x620No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:57.296201944 CEST1.1.1.1192.168.2.40x1c0aNo error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:57.814258099 CEST1.1.1.1192.168.2.40xaf6No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:02:57.814258099 CEST1.1.1.1192.168.2.40xaf6No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:04:18.102787971 CEST1.1.1.1192.168.2.40x7b7dNo error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:04:18.117070913 CEST1.1.1.1192.168.2.40x5bdaNo error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:04:18.663611889 CEST1.1.1.1192.168.2.40xf81aNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:04:18.663611889 CEST1.1.1.1192.168.2.40xf81aNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                            Jul 27, 2024 12:04:22.083288908 CEST1.1.1.1192.168.2.40x21f2No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                            • detectportal.firefox.com
                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            0 | 192.168.2.4 | 49746 | 34.107.221.82 | 80 | 7644 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            Jul 27, 2024 12:01:24.987715006 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:25.435014009 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 14:19:52 GMT
                                                                                                                            Age: 70893
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            1 | 192.168.2.4 | 49751 | 34.107.221.82 | 80 | 7644 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            Jul 27, 2024 12:01:26.803622007 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Connection: keep-alive
                                                                                                                            Pragma: no-cache
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Jul 27, 2024 12:01:27.268932104 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 15:00:00 GMT
                                                                                                                            Age: 68487
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            2 | 192.168.2.4 | 49759 | 34.107.221.82 | 80 | 7644 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            Jul 27, 2024 12:01:28.280447006 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:28.728187084 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85516
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:32.650717020 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:32.745239973 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85520
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:36.759735107 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:36.855192900 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85524
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:39.612102032 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:39.706554890 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85527
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:40.413165092 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:40.637546062 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:40.794442892 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85528
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:41.717032909 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:41.812424898 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85529
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:45.154789925 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:45.250754118 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85533
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:52.025506020 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:52.133493900 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85540
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:52.141217947 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:52.268985987 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85540
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:52.398983002 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:52.493911028 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85540
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:52.687777042 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:52.783092022 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85540
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:52.890186071 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
                                                                                                                            Jul 27, 2024 12:01:52.989578962 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85540
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                            Jul 27, 2024 12:01:56.001863956 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
Jul 27, 2024 12:01:56.097899914 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85544
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 27, 2024 12:02:06.107892036 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Jul 27, 2024 12:02:16.272938967 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Jul 27, 2024 12:02:17.138490915 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
Jul 27, 2024 12:02:17.233772039 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85565
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 27, 2024 12:02:22.053970098 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
Jul 27, 2024 12:02:22.149044991 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85570
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 27, 2024 12:02:27.609755039 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
Jul 27, 2024 12:02:27.967310905 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85575
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 27, 2024 12:02:28.000454903 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85575
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 27, 2024 12:02:38.067229033 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Jul 27, 2024 12:02:48.072319031 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Jul 27, 2024 12:02:57.804534912 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
Jul 27, 2024 12:02:57.900422096 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85605
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 27, 2024 12:03:07.954521894 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Jul 27, 2024 12:03:17.970191956 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Jul 27, 2024 12:03:28.057845116 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Jul 27, 2024 12:03:38.071621895 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Jul 27, 2024 12:03:48.156858921 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Jul 27, 2024 12:03:58.258845091 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Jul 27, 2024 12:04:18.655627012 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
Jul 27, 2024 12:04:18.751197100 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85686
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 27, 2024 12:04:22.562223911 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            Connection: keep-alive
Jul 27, 2024 12:04:22.656766891 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 90
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Fri, 26 Jul 2024 10:16:12 GMT
                                                                                                                            Age: 85690
                                                                                                                            Content-Type: text/html
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49762 | 34.107.221.82 | 80 | 7644 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Jul 27, 2024 12:01:29.268729925 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Connection: keep-alive
                                                                                                                            Pragma: no-cache
                                                                                                                            Cache-Control: no-cache
Jul 27, 2024 12:01:29.734808922 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Sat, 27 Jul 2024 00:17:43 GMT
                                                                                                                            Age: 35026
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success
Jul 27, 2024 12:01:29.987092018 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Sat, 27 Jul 2024 00:17:43 GMT
                                                                                                                            Age: 35026
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success
Jul 27, 2024 12:01:32.909082890 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Connection: keep-alive
                                                                                                                            Pragma: no-cache
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Jul 27, 2024 12:01:33.005661964 CEST216INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Sat, 27 Jul 2024 00:17:43 GMT
                                                                                                                            Age: 35029
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success
                                                                                                                            Jul 27, 2024 12:01:56.196455956 CEST216INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Sat, 27 Jul 2024 00:17:43 GMT
                                                                                                                            Age: 35053
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success
                                                                                                                            Jul 27, 2024 12:02:06.208134890 CEST6OUTData Raw: 00
                                                                                                                            Data Ascii:
                                                                                                                            Jul 27, 2024 12:02:16.292849064 CEST6OUTData Raw: 00
                                                                                                                            Data Ascii:
                                                                                                                            Jul 27, 2024 12:02:17.236507893 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Connection: keep-alive
                                                                                                                            Pragma: no-cache
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Jul 27, 2024 12:02:17.340641022 CEST216INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Sat, 27 Jul 2024 00:17:43 GMT
                                                                                                                            Age: 35074
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success
                                                                                                                            Jul 27, 2024 12:02:22.152931929 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Connection: keep-alive
                                                                                                                            Pragma: no-cache
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Jul 27, 2024 12:02:22.249469042 CEST216INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Sat, 27 Jul 2024 00:17:43 GMT
                                                                                                                            Age: 35079
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success
                                                                                                                            Jul 27, 2024 12:02:27.970321894 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Connection: keep-alive
                                                                                                                            Pragma: no-cache
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Jul 27, 2024 12:02:28.075577974 CEST216INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Sat, 27 Jul 2024 00:17:43 GMT
                                                                                                                            Age: 35085
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success
                                                                                                                            Jul 27, 2024 12:02:38.107538939 CEST6OUTData Raw: 00
                                                                                                                            Data Ascii:
                                                                                                                            Jul 27, 2024 12:02:48.192962885 CEST6OUTData Raw: 00
                                                                                                                            Data Ascii:
                                                                                                                            Jul 27, 2024 12:02:57.903753042 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Connection: keep-alive
                                                                                                                            Pragma: no-cache
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Jul 27, 2024 12:02:58.001607895 CEST216INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Sat, 27 Jul 2024 00:17:43 GMT
                                                                                                                            Age: 35114
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success
                                                                                                                            Jul 27, 2024 12:03:08.095318079 CEST6OUTData Raw: 00
                                                                                                                            Data Ascii:
                                                                                                                            Jul 27, 2024 12:03:18.190459013 CEST6OUTData Raw: 00
                                                                                                                            Data Ascii:
                                                                                                                            Jul 27, 2024 12:03:28.395759106 CEST6OUTData Raw: 00
                                                                                                                            Data Ascii:
                                                                                                                            Jul 27, 2024 12:03:38.489984989 CEST6OUTData Raw: 00
                                                                                                                            Data Ascii:
                                                                                                                            Jul 27, 2024 12:03:48.498655081 CEST6OUTData Raw: 00
                                                                                                                            Data Ascii:
                                                                                                                            Jul 27, 2024 12:03:58.600646973 CEST6OUTData Raw: 00
                                                                                                                            Data Ascii:
                                                                                                                            Jul 27, 2024 12:04:18.754757881 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Connection: keep-alive
                                                                                                                            Pragma: no-cache
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Jul 27, 2024 12:04:18.867645979 CEST216INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Sat, 27 Jul 2024 00:17:43 GMT
                                                                                                                            Age: 35195
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success
                                                                                                                            Jul 27, 2024 12:04:22.669110060 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                            Host: detectportal.firefox.com
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                            Accept: */*
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Connection: keep-alive
                                                                                                                            Pragma: no-cache
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Jul 27, 2024 12:04:22.765414000 CEST216INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Length: 8
                                                                                                                            Via: 1.1 google
                                                                                                                            Date: Sat, 27 Jul 2024 00:17:43 GMT
                                                                                                                            Age: 35199
                                                                                                                            Content-Type: text/plain
                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                            Data Ascii: success



                                                                                                                            Target ID:0
                                                                                                                            Start time:06:01:01
                                                                                                                            Start date:27/07/2024
                                                                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                            Imagebase:0x620000
                                                                                                                            File size:3'206'656 bytes
                                                                                                                            MD5 hash:B078D31FC894B91A32E1C40C596FE1EC
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:Borland Delphi
                                                                                                                            Reputation:low
                                                                                                                            Has exited:false

                                                                                                                            Target ID:2
                                                                                                                            Start time:06:01:19
                                                                                                                            Start date:27/07/2024
                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                                                                                                                            Imagebase:0x7ff6bf500000
                                                                                                                            File size:676'768 bytes
                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:3
                                                                                                                            Start time:06:01:19
                                                                                                                            Start date:27/07/2024
                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
                                                                                                                            Imagebase:0x7ff6bf500000
                                                                                                                            File size:676'768 bytes
                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:4
                                                                                                                            Start time:06:01:19
                                                                                                                            Start date:27/07/2024
                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                                                                                                                            Imagebase:0x7ff6bf500000
                                                                                                                            File size:676'768 bytes
                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                            Target ID:6
                                                                                                                            Start time:06:01:20
                                                                                                                            Start date:27/07/2024
                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aab533d8-a973-49df-af8e-2a2d2e8eca71} 7644 "\\.\pipe\gecko-crash-server-pipe.7644" 20b9176d110 socket
                                                                                                                            Imagebase:0x7ff6bf500000
                                                                                                                            File size:676'768 bytes
                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                            Target ID:9
                                                                                                                            Start time:06:01:22
                                                                                                                            Start date:27/07/2024
                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1552 -parentBuildID 20230927232528 -prefsHandle 1568 -prefMapHandle 3876 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0c04207-d988-4604-93b1-3fc9de6d621b} 7644 "\\.\pipe\gecko-crash-server-pipe.7644" 20b91742910 rdd
                                                                                                                            Imagebase:0x7ff6bf500000
                                                                                                                            File size:676'768 bytes
                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                            Target ID:10
                                                                                                                            Start time:06:01:36
                                                                                                                            Start date:27/07/2024
                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5456 -prefMapHandle 5408 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e09085be-52c2-4e9a-a064-f9a8b5c45ee7} 7644 "\\.\pipe\gecko-crash-server-pipe.7644" 20baab68510 utility
                                                                                                                            Imagebase:0x7ff6bf500000
                                                                                                                            File size:676'768 bytes
                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:6.4%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:0%
                                                                                                                              Total number of Nodes:4
                                                                                                                              Total number of Limit Nodes:0
                                                                                                                              execution_graph 1612 8adb8c 1614 8adb99 VirtualAlloc 1612->1614 1615 8adbc4 1616 8adbdc LoadStringA 1615->1616

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 58 8adb8c-8adb97 59 8adb99-8adb9e 58->59 60 8adba0-8adba3 58->60 61 8adbaa-8adbbe VirtualAlloc 59->61 60->61 62 8adba5 60->62 62->61
                                                                                                                              APIs
                                                                                                                              • VirtualAlloc.KERNEL32(?,?,?,?), ref: 008ADBB7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4151938239.00000000008A0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00756000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4151938239.0000000000756000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.4151938239.0000000000886000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.4151938239.000000000092F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.4151938239.0000000000C42000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_620000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4275171209-0
                                                                                                                              • Opcode ID: bf7496d120f5bf96414a9b73f74abcd15029603a03c11083c7aafcb131cbeef9
                                                                                                                              • Instruction ID: 12e87815a301120931e013c251350d4cd76638b8bb0cf4e4265662789eddbe20
                                                                                                                              • Opcode Fuzzy Hash: bf7496d120f5bf96414a9b73f74abcd15029603a03c11083c7aafcb131cbeef9
                                                                                                                              • Instruction Fuzzy Hash: D4E0EC753142089BEB50DE4CD854B5B339DF789720F108021F90AD7A18C234ED129771

                                                                                                                              Control-flow Graph

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4165200808.00000000FF890000.00000040.00001000.00020000.00000000.sdmp, Offset: FF890000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_ff890000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: pM$
                                                                                                                              • API String ID: 0-3777436282
                                                                                                                              • Opcode ID: 03b966e777e9e9ac8fb0d4883b976260eeea057f49ccfcc63433b6462d4c5150
                                                                                                                              • Instruction ID: 7068bb8c4e3d33f30e9ee874f9b6a051bd31436a3e410e95e5b7063b375682e8
                                                                                                                              • Opcode Fuzzy Hash: 03b966e777e9e9ac8fb0d4883b976260eeea057f49ccfcc63433b6462d4c5150
                                                                                                                              • Instruction Fuzzy Hash: AD029CF3B003006BE324893DDC84A97769BEBC4724F65463CEA4DAB7C1E6B5AD118791
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4165200808.00000000FF890000.00000040.00001000.00020000.00000000.sdmp, Offset: FF890000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_ff890000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 96cf50b83ae4425fc447227b54d529d68bde7920f348c56c14adf58f5f1170a3
                                                                                                                              • Instruction ID: 1660fbcf3003b10321b0b51575c87c45cfa7ead030f6639659d58142a84c9551
                                                                                                                              • Opcode Fuzzy Hash: 96cf50b83ae4425fc447227b54d529d68bde7920f348c56c14adf58f5f1170a3
                                                                                                                              • Instruction Fuzzy Hash: A1A1BFF3F013006BF3258928DC84A57769BDBC4724F298A3CE94D6B7C1E679AD1286D1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4165200808.00000000FF890000.00000040.00001000.00020000.00000000.sdmp, Offset: FF890000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_ff890000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1f6f01d11b248f140977c4356656d9e292aae91690629cb138e434ac3e078fa9
                                                                                                                              • Instruction ID: ffb82865a61f906fdf4c1c25099f7e1a744b3a5c2bcedf09da44a1419af7057b
                                                                                                                              • Opcode Fuzzy Hash: 1f6f01d11b248f140977c4356656d9e292aae91690629cb138e434ac3e078fa9
                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000003.1968796915.000002E3FD101000.00000020.00000800.00020000.00000000.sdmp, Offset: 000002E3FD101000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_3_2e3fd101000_firefox.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f8427fc6d2df8d125c5d1a125a3a7b10cb8daee5a7b35dfb2f7a242d65dfc2d8
                                                                                                                              • Instruction ID: fa9411edee622eb19eb948335189a365cb6513fd30743266fe602362fbb5699f
                                                                                                                              • Opcode Fuzzy Hash: f8427fc6d2df8d125c5d1a125a3a7b10cb8daee5a7b35dfb2f7a242d65dfc2d8
                                                                                                                              • Instruction Fuzzy Hash: 3CA1AF31614A499FEB88EB58D89CBA8B7F1FF5D311F650069E009E76A2C770AC81CB50
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000003.1968796915.000002E3FD101000.00000020.00000800.00020000.00000000.sdmp, Offset: 000002E3FD101000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_3_2e3fd101000_firefox.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a1a434facb24ff4a77f6f5cf257222a2ad30b1c08b3404e4dfa44062a030209f
                                                                                                                              • Instruction ID: f0f2c97ee9ca36e41240d835598fff6d8650c1527b19583caf7d3dcd5f7c9144
                                                                                                                              • Opcode Fuzzy Hash: a1a434facb24ff4a77f6f5cf257222a2ad30b1c08b3404e4dfa44062a030209f
                                                                                                                              • Instruction Fuzzy Hash: 6B11CE30A14A488FDF99EF28D8CCF253BA1FB6E345F940299D505CB292C230D844CB61

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:0.4%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:100%
                                                                                                                              Total number of Nodes:6
                                                                                                                              Total number of Limit Nodes:0
                                                                                                                              execution_graph 5005 12c8e5d2377 5006 12c8e5d2387 NtQuerySystemInformation 5005->5006 5007 12c8e5d2324 5006->5007 5008 12c8e5f63b2 5009 12c8e5f6409 NtQuerySystemInformation 5008->5009 5010 12c8e5f4784 5008->5010 5009->5010

Callgraph

APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.4155674988.0000012C8E5F4000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000012C8E5F4000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_12c8e5f4000_firefox.jbxd
Similarity
• API ID: InformationQuerySystem
• String ID: #$#$#$4$>$>$>$A$z$z
• API String ID: 3562636166-3072146587
• Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
• Instruction ID: 361e29ca7c52dddc55e8f1139728ac034a12b5b21473c14b2f55199657bd16cd
• Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
• Instruction Fuzzy Hash: 25A3E531618A498BDB2EDF18DC856E973E5FB98700F14422EED4AC7255DF34EA128BC1
APIs
Memory Dump Source
• Source File: 00000009.00000002.4155348169.0000012C8E5D0000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000012C8E5D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_12c8e5d0000_firefox.jbxd
Similarity
• API ID: InformationQuerySystem
• String ID:
• API String ID: 3562636166-0
• Opcode ID: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
• Instruction ID: 680f135dfec211b609db898bc9a67bbee25f08d00e9d3432aa4a457c2290cbed
• Opcode Fuzzy Hash: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
• Instruction Fuzzy Hash: BEA3D231714A498BEB2DDF28DC857E977E5FB95301F04823EE94BC3251DA34EA528AC1