Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1540376
MD5: 4bd898f7538e346e91e4c83e0c11ad2a
SHA1: f582f982b3adbdb5eb1baeedbfff063fbc90cbc4
SHA256: e3356f3e1f7ab9698f237f04f492a90900f37d1e4b4682c0d9c1f810108c9cf6
Tags: exeuser-Bitsight
Infos:

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 47%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.2% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49822 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49823 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.5:49824 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49831 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49833 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49832 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49834 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49988 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49990 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49997 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49996 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49998 version: TLS 1.2
Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2168491420.00000223C7281000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2173855604.00000223BB6C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2172455447.00000223BB6C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2173855604.00000223BB6C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2173855604.00000223BB6C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2172455447.00000223BB6C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wsock32.pdbUGP source: firefox.exe, 0000000E.00000003.2167861509.00000223BB67F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167501538.00000223BB657000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2172816789.00000223BB6B6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2168491420.00000223C7281000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2173855604.00000223BB6C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2172816789.00000223BB6B6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wsock32.pdb source: firefox.exe, 0000000E.00000003.2167861509.00000223BB67F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167501538.00000223BB657000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0091DBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008EC2A2 FindFirstFileExW, 0_2_008EC2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009268EE FindFirstFileW,FindClose, 0_2_009268EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_0092698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0091D076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0091D3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00929642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00929642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_0092979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00929B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00929B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00925C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00925C97
Source: firefox.exe Memory has grown: Private usage: 1MB later: 219MB
Connects to many different domains
Source: unknown Network traffic detected: DNS query count 31
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 151.101.1.91 151.101.1.91
Source: Joe Sandbox View IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View IP Address: 34.160.144.191 34.160.144.191
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092CE44 InternetReadFile,SetEvent,GetLastError,SetEvent, 0_2_0092CE44
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2290665005.00000223C388F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222380048.00000223C42E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246834591.00000223C388F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2220842655.00000223C6CAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242381337.00000223C6CB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262433713.00000223C6CB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2290665005.00000223C388F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222380048.00000223C42E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2248012648.00000223BE4C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2220842655.00000223C6CAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242381337.00000223C6CB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262433713.00000223C6CB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2220842655.00000223C6CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242381337.00000223C6CA2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2290665005.00000223C388F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222380048.00000223C42E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2248012648.00000223BE4C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2220842655.00000223C6CAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242381337.00000223C6CB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262433713.00000223C6CB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2258040254.00000223BCD85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2228886727.00000223BE4A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2116827186.00000223BCD5A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: youtube.com
Source: global traffic DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic DNS traffic detected: DNS query: example.org
Source: global traffic DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: www.facebook.com
Source: global traffic DNS traffic detected: DNS query: www.youtube.com
Source: global traffic DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic DNS traffic detected: DNS query: www.reddit.com
Source: global traffic DNS traffic detected: DNS query: twitter.com
Source: global traffic DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2312042044.00000223BB75F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2309704148.00000223C357F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271324281.00000223C357F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 0000000E.00000003.2282891792.00000223C3C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 0000000E.00000003.2282891792.00000223C3C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 0000000E.00000003.2282891792.00000223C3C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 0000000E.00000003.2282891792.00000223C3C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 0000000E.00000003.2174042782.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCe
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB62F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB62F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 0000000E.00000003.2174042782.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB62F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 0000000E.00000003.2241955201.00000223C71E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 0000000E.00000003.2167861509.00000223BB67F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167501538.00000223BB657000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.microsJ
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 0000000E.00000003.2174042782.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.di
Source: firefox.exe, 0000000E.00000003.2174042782.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB62F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB62F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 0000000E.00000003.2174042782.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB62F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 0000000E.00000003.2174042782.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 0000000E.00000003.2220367515.00000223C7116000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255962418.00000223BE5B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000000E.00000003.2256620474.00000223BD413000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 0000000E.00000003.2315386988.00000223BAFF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000000E.00000003.2220367515.00000223C7116000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242144285.00000223C712C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220367515.00000223C712C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000000E.00000003.2246529931.00000223C6BFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 0000000E.00000003.2319197769.00000223B7061000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/dates-and-times4
Source: firefox.exe, 0000000E.00000003.2319197769.00000223B7061000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 0000000E.00000003.2257394917.00000223BD27B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 0000000E.00000003.2257394917.00000223BD27B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 0000000E.00000003.2257394917.00000223BD27B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 0000000E.00000003.2257394917.00000223BD27B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195299895.00000223C5CCC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org
Source: firefox.exe, 0000000E.00000003.2207022682.00000223C700E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220114935.00000223C700E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257529339.00000223BD245000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 0000000E.00000003.2112129904.00000223BD7DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2110124642.00000223C39CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261055798.00000223BBCE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275764357.00000223BDEB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259917262.00000223BC263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316041053.00000223BAF75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2216142952.00000223BD6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2216142952.00000223BD6CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2185790588.00000223BD5B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275764357.00000223BDEE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2223369095.00000223C3BDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2273304611.00000223BE594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2116827186.00000223BCDBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2185790588.00000223BD5BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245322694.00000223BDEE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2186291653.00000223BD594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111081780.00000223C385E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2252672533.00000223BCA7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2238973901.00000223BD5DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225343419.00000223BF149000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253627032.00000223BE594000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 0000000E.00000003.2207022682.00000223C700E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220114935.00000223C700E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/Z
Source: firefox.exe, 0000000E.00000003.2174042782.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167501538.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB657000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digice
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB62F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB62F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2174042782.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB62F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 0000000E.00000003.2174042782.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167501538.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB657000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicez
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 0000000E.00000003.2241955201.00000223C71E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 0000000E.00000003.2225411116.00000223BF133000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.i.lencr.org/0.
Source: firefox.exe, 0000000E.00000003.2225411116.00000223BF133000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.o.lencr.org0
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 0000000E.00000003.2241955201.00000223C71E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 0000000E.00000003.2174042782.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB67D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 0000000E.00000003.2241955201.00000223C71E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 0000000E.00000003.2282891792.00000223C3C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 0000000E.00000003.2260883271.00000223BBEAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2228171819.00000223BF03E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311349279.00000223BBE6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261870027.00000223BB7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245662380.00000223BDE41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255002143.00000223C712E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277072916.00000223BDA07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311278874.00000223BBEAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264519487.00000223BBEAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261013834.00000223BBE6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310634565.00000223BDE80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242144285.00000223C712C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220367515.00000223C712C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245567054.00000223BDE7A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: mozilla-temp-41.14.dr String found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000000E.00000003.2264106991.00000223BC21F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 0000000E.00000003.2089333601.00000223BB800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2091227741.00000223BBA6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2089565926.00000223BBA1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090358836.00000223BBA38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090575547.00000223BBA53000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 0000000E.00000003.2112129904.00000223BD7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277213770.00000223BD7B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244511218.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 0000000E.00000003.2315386988.00000223BAFF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000000E.00000003.2246834591.00000223C3843000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 0000000E.00000003.2131115233.00000223C69C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2215896834.00000223BE19C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132410690.00000223BE1A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197096375.00000223C69C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2183047697.00000223BE19A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2213275084.00000223BE19A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222380048.00000223C428D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2204314509.00000223C69C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2133689451.00000223BE1A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2215711403.00000223C69C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2130710036.00000223C69C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199293988.00000223C69C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2200119845.00000223BE19A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2214585333.00000223C69C7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: file.exe, 00000000.00000002.2107669161.0000000001448000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdD
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 0000000E.00000003.2274206484.00000223BE4D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2258040254.00000223BCD85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2116827186.00000223BCD5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2258040254.00000223BCDBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2228886727.00000223BE4D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259016114.00000223BCD56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2248012648.00000223BE4D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2116827186.00000223BCDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000000E.00000003.2222380048.00000223C42B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000000E.00000003.2313591592.00000223BB752000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000000E.00000003.2252347282.00000223BD47E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000010.00000002.3909825771.000001268B7E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA5E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3911736485.000001D111B03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: firefox.exe, 00000010.00000002.3909825771.000001268B7E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA5E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3911736485.000001D111B03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: firefox.exe, 0000000E.00000003.2267378958.00000223C4F75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000000E.00000003.2132410690.00000223BE16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131786535.00000223BE16B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 0000000E.00000003.2132410690.00000223BE16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131786535.00000223BE16B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 0000000E.00000003.2132410690.00000223BE16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131786535.00000223BE16B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 0000000E.00000003.2132410690.00000223BE16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131786535.00000223BE16B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 0000000E.00000003.2132410690.00000223BE16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131786535.00000223BE16B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 0000000E.00000003.2132410690.00000223BE16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131786535.00000223BE16B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 0000000E.00000003.2215896834.00000223BE1D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 0000000E.00000003.2132410690.00000223BE16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131786535.00000223BE16B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 0000000E.00000003.2132410690.00000223BE16A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 0000000E.00000003.2132410690.00000223BE16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131786535.00000223BE16B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 0000000E.00000003.2132410690.00000223BE16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131786535.00000223BE16B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000000E.00000003.2227287959.00000223BF067000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090358836.00000223BBA38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090575547.00000223BBA53000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000E.00000003.2261139848.00000223BBC42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311565381.00000223BBC42000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 0000000E.00000003.2264106991.00000223BC210000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 0000000E.00000003.2288425866.00000223BC633000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000010.00000002.3909825771.000001268B7E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA5E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3911736485.000001D111B03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000010.00000002.3909825771.000001268B7E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA5E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3911736485.000001D111B03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2269391765.00000223C3B1D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2269068154.00000223C3BBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE6BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 0000000E.00000003.2126551202.00000223BD6C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2128448034.00000223BD6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2216142952.00000223BD6D5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 0000000E.00000003.2089333601.00000223BB800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2210571336.00000223C6914000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2091227741.00000223BBA6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2089565926.00000223BBA1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2116827186.00000223BCD69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090358836.00000223BBA38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2128290202.00000223C6914000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2251407617.00000223BD4C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090575547.00000223BBA53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127422748.00000223C6914000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000E.00000003.2241955201.00000223C71E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 0000000E.00000003.2241955201.00000223C71E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE6BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271743946.00000223C351E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA512000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111A13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000E.00000003.2119949954.00000223BC569000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 0000000E.00000003.2118815486.00000223BC51B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2120486385.00000223BC51E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2119949954.00000223BC592000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2120239902.00000223BC552000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000000E.00000003.2285185400.00000223BE634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244511218.00000223BE632000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE632000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2222023911.00000223C4FC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000000E.00000003.2228483856.00000223BE5FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271743946.00000223C351E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA512000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111A13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000012.00000002.3909382128.000001D111AC3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000012.00000002.3909382128.000001D111AC3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000012.00000002.3909382128.000001D111A30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000000E.00000003.2243186608.00000223C54A3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 0000000E.00000003.2243186608.00000223C54A3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 0000000E.00000003.2243186608.00000223C54A3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 0000000E.00000003.2243186608.00000223C54A3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 0000000E.00000003.2243186608.00000223C54A3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000012.00000002.3909382128.000001D111AC3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000000E.00000003.2243186608.00000223C54A3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 0000000E.00000003.2246834591.00000223C3843000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000012.00000002.3909382128.000001D111AC3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000000E.00000003.2110124642.00000223C39D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195581139.00000223C39D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 0000000E.00000003.2110124642.00000223C39D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195581139.00000223C39D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 0000000E.00000003.2089333601.00000223BB800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2091227741.00000223BBA6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2089565926.00000223BBA1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090358836.00000223BBA38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090575547.00000223BBA53000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2273148233.00000223BE65C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000000E.00000003.2274984606.00000223BE270000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2254109034.00000223BE26E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310584508.00000223BE27A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131270857.00000223C697E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244511218.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 0000000E.00000003.2263550089.00000223BC2D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259495155.00000223BC2D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244511218.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244511218.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244511218.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244511218.00000223BE6CA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C387B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246834591.00000223C3892000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269767809.00000223C3893000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262708140.00000223C3892000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: prefs-1.js.14.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000000E.00000003.2265077230.00000223B96D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243352881.00000223C4F87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000000E.00000003.2224484952.00000223BF15C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA5BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111AF5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000000E.00000003.2222023911.00000223C4FC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/30b1be0a-6ee0-46d5-8a3e-9d6ea
Source: firefox.exe, 0000000E.00000003.2220842655.00000223C6CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242381337.00000223C6CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2265848590.00000223C6A89000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/7755ad51-2370-4623-
Source: firefox.exe, 0000000E.00000003.2222380048.00000223C428D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/ca513631-73ea-40af-82bb-969f
Source: firefox.exe, 0000000E.00000003.2220842655.00000223C6CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242381337.00000223C6CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2265848590.00000223C6A89000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/3594e6b8-080d-4f0e
Source: firefox.exe, 0000000E.00000003.2220842655.00000223C6CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242381337.00000223C6CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2265848590.00000223C6A89000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/b120e9db-8292-4db1
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000000E.00000003.2290407269.00000223C3C40000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 0000000E.00000003.2257394917.00000223BD27B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 0000000E.00000003.2257394917.00000223BD27B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 0000000E.00000003.2257394917.00000223BD27B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 0000000E.00000003.2257394917.00000223BD27B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000000E.00000003.2261139848.00000223BBC4D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 0000000E.00000003.2112129904.00000223BD7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277213770.00000223BD7B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: firefox.exe, 0000000E.00000003.2112129904.00000223BD7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277213770.00000223BD7B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000000E.00000003.2241955201.00000223C71E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000000E.00000003.2241955201.00000223C71E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000011.00000002.3908748512.000002ABBA586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111A8E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2318389167.00000223B79B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169189703.00000223BB657000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ok.ru/
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000E.00000003.2241955201.00000223C71E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000000E.00000003.2314612204.00000223BB490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 0000000E.00000003.2267378958.00000223C4F4D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2311000574.00000223BC233000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 0000000E.00000003.2309704148.00000223C357F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271324281.00000223C357F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000E.00000003.2309704148.00000223C357F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271324281.00000223C357F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000E.00000003.2260781259.00000223BBF71000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000E.00000003.2309704148.00000223C357F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271324281.00000223C357F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000E.00000003.2309704148.00000223C357F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271324281.00000223C357F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000E.00000003.2265077230.00000223B96C5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000000E.00000003.2090575547.00000223BBA53000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000E.00000003.2126551202.00000223BD6C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2128448034.00000223BD6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2216142952.00000223BD6D5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000E.00000003.2253627032.00000223BE53B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000E.00000003.2259425047.00000223BCD1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2264612647.00000223BB46B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.2252280373.00000223BD48A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.2117325385.00000223BCD34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259206343.00000223BCD34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 0000000E.00000003.2117325385.00000223BCD34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259206343.00000223BCD34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000000E.00000003.2259917262.00000223BC263000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 0000000E.00000003.2269068154.00000223C3BBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA512000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111A13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000E.00000003.2269068154.00000223C3BBA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270698707.00000223C376A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA5BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111AFA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000012.00000002.3909382128.000001D111AFA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/userZ
Source: firefox.exe, 0000000E.00000003.2116827186.00000223BCD5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2256620474.00000223BD413000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259016114.00000223BCD56000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000000E.00000003.2258040254.00000223BCD85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2116827186.00000223BCD5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2258040254.00000223BCDBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2256620474.00000223BD413000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259016114.00000223BCD56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2116827186.00000223BCDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000000E.00000003.2265077230.00000223B96C5000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000E.00000003.2228483856.00000223BE5FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245053004.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2285443198.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274841657.00000223BE2A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2256330314.00000223BE29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275235510.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310391079.00000223BE2B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2254109034.00000223BE29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111780397.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 0000000E.00000003.2264612647.00000223BB46F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2314842266.00000223BB478000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 0000000E.00000003.2291124903.00000223C370F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220842655.00000223C6CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271049559.00000223C370F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242381337.00000223C6CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2265848590.00000223C6A89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255184333.00000223C6CF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220621963.00000223C6CF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 0000000E.00000003.2222380048.00000223C424C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 0000000E.00000003.2192864380.00000223BEFA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 0000000E.00000003.2285648956.00000223BD79F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2112129904.00000223BD79B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: places.sqlite-wal.14.dr String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.
Source: firefox.exe, 0000000E.00000003.2222380048.00000223C424C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261997297.00000223BB4AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vk.com/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000000E.00000003.2257028839.00000223BD411000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000000E.00000003.2270948690.00000223C372A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000000E.00000003.2245053004.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275235510.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111780397.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://weibo.com/
Source: firefox.exe, 0000000E.00000003.2223589483.00000223C3B80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 0000000E.00000003.2223589483.00000223C3B80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 0000000E.00000003.2223589483.00000223C3B80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000010.00000002.3909825771.000001268B7E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA5E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3911736485.000001D111B03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 0000000E.00000003.2091762883.00000223BBA8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2089333601.00000223BB800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2210571336.00000223C6914000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2091227741.00000223BBA6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2089565926.00000223BBA1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090358836.00000223BBA38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2128290202.00000223C6914000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2117325385.00000223BCD34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2251407617.00000223BD4C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090575547.00000223BBA53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127422748.00000223C6914000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000000E.00000003.2223589483.00000223C3B80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 0000000E.00000003.2223589483.00000223C3B80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000010.00000002.3909825771.000001268B7E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA5E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3911736485.000001D111B03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 0000000E.00000003.2168605415.00000223BB657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168605415.00000223BB685000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168570993.00000223BB68B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 0000000E.00000003.2223589483.00000223C3B80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 0000000E.00000003.2253097552.00000223C38F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 0000000E.00000003.2109857400.00000223C3A26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2110554395.00000223C3A79000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000000E.00000003.2091762883.00000223BBA8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2089333601.00000223BB800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2091227741.00000223BBA6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2089565926.00000223BBA1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090358836.00000223BBA38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090575547.00000223BBA53000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 0000000E.00000003.2091762883.00000223BBA8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2089333601.00000223BB800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2314975515.00000223BB462000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2210571336.00000223C6914000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264996552.00000223BB462000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2091227741.00000223BBA6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2089565926.00000223BBA1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090358836.00000223BBA38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2128290202.00000223C6914000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2117325385.00000223BCD34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2251407617.00000223BD4C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2090575547.00000223BBA53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127422748.00000223C6914000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000E.00000003.2221633447.00000223C54D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000000E.00000003.2252280373.00000223BD48A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 0000000E.00000003.2319137162.00000223B7910000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289094572.00000223BC227000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2318389167.00000223B79B1000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000E.00000003.2228483856.00000223BE5FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: places.sqlite-wal.14.dr String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.
Source: firefox.exe, 0000000E.00000003.2222380048.00000223C424C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: firefox.exe, 0000000E.00000003.2118815486.00000223BC51B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2120486385.00000223BC51E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2119949954.00000223BC592000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2120239902.00000223BC552000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 0000000E.00000003.2266977770.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222023911.00000223C4FD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/anything/?
Source: places.sqlite-wal.14.dr String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.
Source: firefox.exe, 0000000E.00000003.2222380048.00000223C424C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: firefox.exe, 0000000E.00000003.2264612647.00000223BB46F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2314842266.00000223BB478000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000E.00000003.2252347282.00000223BD47E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.14.dr String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 0000000E.00000003.2267853219.00000223C3CCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287147694.00000223BD1C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289785149.00000223C3CCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222380048.00000223C424C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 0000000E.00000003.2264612647.00000223BB46F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2314842266.00000223BB478000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 0000000E.00000003.2222380048.00000223C424C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000000E.00000003.2267853219.00000223C3CCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287147694.00000223BD1C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289785149.00000223C3CCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222380048.00000223C424C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: firefox.exe, 0000000E.00000003.2319197769.00000223B705D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909825771.000001268B7C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA5CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111AFA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000E.00000003.2243186608.00000223C54A3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000012.00000002.3909382128.000001D111AFA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/(
Source: firefox.exe, 00000010.00000002.3909177798.000001268B410000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3911362003.000002ABBAA60000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3909066626.000001D111890000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000E.00000003.2111081780.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253323728.00000223C38D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246645487.00000223C38CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 0000000E.00000003.2287147694.00000223BD1C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222380048.00000223C424C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 0000000E.00000003.2112129904.00000223BD7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277213770.00000223BD7B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000000E.00000003.2245053004.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275235510.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2223589483.00000223C3B80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111780397.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000000E.00000003.2261997297.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313953608.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2223589483.00000223C3B80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264612647.00000223BB4BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000000E.00000003.2257028839.00000223BD411000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.sling.com/
Source: firefox.exe, 0000000E.00000003.2290665005.00000223C388F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2246834591.00000223C388F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 0000000E.00000003.2223589483.00000223C3B80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3908748512.000002ABBA503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3909382128.000001D111A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000000E.00000003.2245053004.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275235510.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2276554010.00000223BDC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111780397.00000223BE0B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 0000000E.00000003.2244511218.00000223BE658000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272883662.00000223BE68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 0000000E.00000003.2244215809.00000223BF0FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311136718.00000223BC210000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com
Source: firefox.exe, 0000000E.00000003.2315532345.00000223BAFD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253474771.00000223C3797000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245699414.00000223BDDE3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/
Source: recovery.jsonlz4.tmp.14.dr String found in binary or memory: https://youtube.com/account?=
Source: firefox.exe, 00000012.00000002.3908391681.000001D111840000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.co
Source: firefox.exe, 00000010.00000002.3909444885.000001268B6F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.coNN
Source: firefox.exe, 0000000E.00000003.2225343419.00000223BF149000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3909444885.000001268B6F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3907860408.000001268B28A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3907860408.000001268B280000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3906850524.000002ABBA25A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3907618790.000002ABBA3B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3907001782.000001D1116AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3908391681.000001D111844000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000C.00000002.2075448368.000002674646A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2081200375.000001BD769E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 00000012.00000002.3907001782.000001D1116A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdL
Source: firefox.exe, 00000010.00000002.3909444885.000001268B6F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3907860408.000001268B280000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3907618790.000002ABBA3B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3906850524.000002ABBA250000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3908391681.000001D111844000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3907001782.000001D1116A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
Source: firefox.exe, 00000012.00000002.3907001782.000001D1116AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdX
Source: firefox.exe, 00000011.00000002.3906850524.000002ABBA250000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdb
Source: firefox.exe, 00000011.00000002.3906850524.000002ABBA25A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdv
Source: unknown Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49822 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49823 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.5:49824 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49831 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49833 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49832 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49834 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49988 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49990 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49997 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49996 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49998 version: TLS 1.2
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_0092EAFF
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_0092ED6A
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_0092EAFF
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, 0_2_0091AA57
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00949576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_00949576

System Summary
barindex
Binary is likely a compiled AutoIt script file
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.2040964883.0000000000972000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_71566724-2
Source: file.exe, 00000000.00000000.2040964883.0000000000972000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_98f76143-1
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_dcae639c-4
Source: file.exe String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_b77d9512-f
Contains functionality to call native functions
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000002ABBAACAD37 NtQuerySystemInformation, 17_2_000002ABBAACAD37
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000002ABBAAE8FF2 NtQuerySystemInformation, 17_2_000002ABBAAE8FF2
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091D5EB: CreateFileW,DeviceIoControl,CloseHandle, 0_2_0091D5EB
Contains functionality to launch a process as a different user
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00911201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00911201
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 0_2_0091E8F6
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00922046 0_2_00922046
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B8060 0_2_008B8060
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00918298 0_2_00918298
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008EE4FF 0_2_008EE4FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E676B 0_2_008E676B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00944873 0_2_00944873
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008DCAA0 0_2_008DCAA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008BCAF0 0_2_008BCAF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008CCC39 0_2_008CCC39
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E6DD9 0_2_008E6DD9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B91C0 0_2_008B91C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008CB119 0_2_008CB119
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D1394 0_2_008D1394
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D1706 0_2_008D1706
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D781B 0_2_008D781B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D19B0 0_2_008D19B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B7920 0_2_008B7920
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008C997D 0_2_008C997D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D7A4A 0_2_008D7A4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D7CA7 0_2_008D7CA7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D1C77 0_2_008D1C77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E9EEE 0_2_008E9EEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0093BE44 0_2_0093BE44
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D1F32 0_2_008D1F32
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000002ABBAACAD37 17_2_000002ABBAACAD37
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000002ABBAAE8FF2 17_2_000002ABBAAE8FF2
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000002ABBAAE9032 17_2_000002ABBAAE9032
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000002ABBAAE971C 17_2_000002ABBAAE971C
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 008B9CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 008CF9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 008D0A30 appears 46 times
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal72.troj.evad.winEXE@34/41@71/12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009237B5 GetLastError,FormatMessageW, 0_2_009237B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009110BF AdjustTokenPrivileges,CloseHandle, 0_2_009110BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 0_2_009116C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 0_2_009251CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 0_2_0091D4DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, 0_2_0092648E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 0_2_008B42A2
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246 Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5720:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3408:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3852:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:764:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4284:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox Jump to behavior
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: firefox.exe, 0000000E.00000003.2243497496.00000223C421F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222380048.00000223C428D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000000E.00000003.2243497496.00000223C421F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 0000000E.00000003.2243497496.00000223C421F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 0000000E.00000003.2243497496.00000223C421F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 0000000E.00000003.2222380048.00000223C42A9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 0000000E.00000003.2243497496.00000223C421F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 0000000E.00000003.2243497496.00000223C421F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 0000000E.00000003.2243497496.00000223C421F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 0000000E.00000003.2243497496.00000223C421F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 0000000E.00000003.2243497496.00000223C421F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: file.exe ReversingLabs: Detection: 47%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2108 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0db7204-06d3-428f-bcd4-2897346120bd} 7104 "\\.\pipe\gecko-crash-server-pipe.7104" 223ab870d10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2716 -parentBuildID 20230927232528 -prefsHandle 4032 -prefMapHandle 4028 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a70b601-fc0d-4b95-b580-7725ca6cdc50} 7104 "\\.\pipe\gecko-crash-server-pipe.7104" 223bdd2b510 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4988 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4980 -prefMapHandle 4976 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {349d6966-eb71-4eb8-a0f9-1297aa39e4f0} 7104 "\\.\pipe\gecko-crash-server-pipe.7104" 223ab870310 utility
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2108 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0db7204-06d3-428f-bcd4-2897346120bd} 7104 "\\.\pipe\gecko-crash-server-pipe.7104" 223ab870d10 socket Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2716 -parentBuildID 20230927232528 -prefsHandle 4032 -prefMapHandle 4028 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a70b601-fc0d-4b95-b580-7725ca6cdc50} 7104 "\\.\pipe\gecko-crash-server-pipe.7104" 223bdd2b510 rdd Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4988 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4980 -prefMapHandle 4976 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {349d6966-eb71-4eb8-a0f9-1297aa39e4f0} 7104 "\\.\pipe\gecko-crash-server-pipe.7104" 223ab870310 utility Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2168491420.00000223C7281000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2173855604.00000223BB6C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2172455447.00000223BB6C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2173855604.00000223BB6C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2173855604.00000223BB6C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2172455447.00000223BB6C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wsock32.pdbUGP source: firefox.exe, 0000000E.00000003.2167861509.00000223BB67F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167501538.00000223BB657000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2172816789.00000223BB6B6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2168491420.00000223C7281000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2173855604.00000223BB6C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2172816789.00000223BB6B6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wsock32.pdb source: firefox.exe, 0000000E.00000003.2167861509.00000223BB67F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167501538.00000223BB657000.00000004.00000020.00020000.00000000.sdmp
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_008B42DE
PE file contains sections with non-standard names
Source: gmpopenh264.dll.tmp.14.dr Static PE information: section name: .rodata
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D0A76 push ecx; ret 0_2_008D0A89
Drops PE files
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) Jump to dropped file
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008CF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_008CF98E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00941C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_00941C41
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Found API chain indicative of sandbox detection
Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000002ABBAACAD37 rdtsc 17_2_000002ABBAACAD37
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\file.exe API coverage: 3.5 %
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0091DBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008EC2A2 FindFirstFileExW, 0_2_008EC2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009268EE FindFirstFileW,FindClose, 0_2_009268EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_0092698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0091D076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0091D3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00929642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00929642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_0092979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00929B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00929B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00925C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00925C97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_008B42DE
Source: firefox.exe, 00000011.00000002.3906850524.000002ABBA25A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWPh
Source: firefox.exe, 00000010.00000002.3907860408.000001268B2B6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3907860408.000001268B28A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3912001052.000002ABBAB00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3907001782.000001D1116AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3908266492.000001D111720000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000010.00000002.3912006103.000001268B814000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000011.00000002.3912001052.000002ABBAB00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllif
Source: firefox.exe, 00000010.00000002.3912639580.000001268B900000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3912001052.000002ABBAB00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000002ABBAACAD37 rdtsc 17_2_000002ABBAACAD37
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092EAA2 BlockInput, 0_2_0092EAA2
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_008E2622
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_008B42DE
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D4CE8 mov eax, dword ptr fs:[00000030h] 0_2_008D4CE8
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00910B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00910B62
Enables debug privileges
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_008E2622
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_008D083F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D09D5 SetUnhandledExceptionFilter, 0_2_008D09D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_008D0C21
Contains functionality to execute programs as a different user
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00911201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00911201
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_008F2BA5
Contains functionality to simulate keystroke presses
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091B226 SendInput,keybd_event, 0_2_0091B226
Contains functionality to simulate mouse events
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009322DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, 0_2_009322DA
Uses taskkill to terminate processes
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00910B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00910B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00911663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_00911663
Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe Binary or memory string: Shell_TrayWnd
Source: firefox.exe, 0000000E.00000003.2170421469.00000223C7281000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D0698 cpuid 0_2_008D0698
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00928195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW, 0_2_00928195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0090D27A GetUserNameW, 0_2_0090D27A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008EB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free, 0_2_008EB952
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_008B42DE

Stealing of Sensitive Information
barindex
Yara detected Credential Flusher
Source: Yara match File source: Process Memory Space: file.exe PID: 5016, type: MEMORYSTR
OS version to string mapping found (often used in BOTs)
Source: file.exe Binary or memory string: WIN_81
Source: file.exe Binary or memory string: WIN_XP
Source: file.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe Binary or memory string: WIN_XPe
Source: file.exe Binary or memory string: WIN_VISTA
Source: file.exe Binary or memory string: WIN_7
Source: file.exe Binary or memory string: WIN_8

Remote Access Functionality
barindex
Yara detected Credential Flusher
Source: Yara match File source: Process Memory Space: file.exe PID: 5016, type: MEMORYSTR
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00931204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_00931204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00931806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_00931806
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1540376 Sample: file.exe Startdate: 23/10/2024 Architecture: WINDOWS Score: 72 45 youtube.com 2->45 47 youtube-ui.l.google.com 2->47 49 34 other IPs or domains 2->49 57 Multi AV Scanner detection for submitted file 2->57 59 Yara detected Credential Flusher 2->59 61 Binary is likely a compiled AutoIt script file 2->61 63 2 other signatures 2->63 8 file.exe 2->8         started        11 firefox.exe 1 2->11         started        signatures3 process4 signatures5 65 Binary is likely a compiled AutoIt script file 8->65 67 Found API chain indicative of sandbox detection 8->67 13 taskkill.exe 1 8->13         started        15 taskkill.exe 1 8->15         started        17 taskkill.exe 1 8->17         started        23 3 other processes 8->23 19 firefox.exe 3 224 11->19         started        process6 dnsIp7 25 conhost.exe 13->25         started        27 conhost.exe 15->27         started        29 conhost.exe 17->29         started        51 youtube.com 142.250.181.238, 443, 49711, 49712 GOOGLEUS United States 19->51 53 prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49713, 49720, 49724 GOOGLEUS United States 19->53 55 10 other IPs or domains 19->55 41 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 19->41 dropped 43 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 19->43 dropped 31 firefox.exe 1 19->31         started        33 firefox.exe 1 19->33         started        35 firefox.exe 1 19->35         started        37 conhost.exe 23->37         started        39 conhost.exe 23->39         started        file8 process9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
151.101.1.91
 services.addons.mozilla.org United States
54113 FASTLYUS false
34.149.100.209
 prod.remote-settings.prod.webservices.mozgcp.net United States
2686 ATGS-MMD-ASUS false
34.107.243.93
 push.services.mozilla.com United States
15169 GOOGLEUS false
34.107.221.82
 prod.detectportal.prod.cloudops.mozgcp.net United States
15169 GOOGLEUS false
142.250.181.238
 youtube.com United States
15169 GOOGLEUS false
35.244.181.201
 prod.balrog.prod.cloudops.mozgcp.net United States
15169 GOOGLEUS false
34.117.188.166
 contile.services.mozilla.com United States
139070 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG false
35.201.103.21
 normandy-cdn.services.mozilla.com United States
15169 GOOGLEUS false
35.190.72.216
 prod.classify-client.prod.webservices.mozgcp.net United States
15169 GOOGLEUS false
34.160.144.191
 prod.content-signature-chains.prod.webservices.mozgcp.net United States
2686 ATGS-MMD-ASUS false
34.120.208.123
 telemetry-incoming.r53-2.services.mozilla.com United States
15169 GOOGLEUS false

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
example.org 93.184.215.14 true
star-mini.c10r.facebook.com 157.240.0.35 true
prod.classify-client.prod.webservices.mozgcp.net 35.190.72.216 true
prod.balrog.prod.cloudops.mozgcp.net 35.244.181.201 true
twitter.com 104.244.42.129 true
prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82 true
services.addons.mozilla.org 151.101.1.91 true
dyna.wikimedia.org 185.15.59.224 true
prod.remote-settings.prod.webservices.mozgcp.net 34.149.100.209 true
contile.services.mozilla.com 34.117.188.166 true
youtube.com 142.250.181.238 true
prod.content-signature-chains.prod.webservices.mozgcp.net 34.160.144.191 true
youtube-ui.l.google.com 142.250.185.110 true
us-west1.prod.sumo.prod.webservices.mozgcp.net 34.149.128.2 true
reddit.map.fastly.net 151.101.1.140 true
ipv4only.arpa 192.0.0.171 true
prod.ads.prod.webservices.mozgcp.net 34.117.188.166 true
push.services.mozilla.com 34.107.243.93 true
normandy-cdn.services.mozilla.com 35.201.103.21 true
telemetry-incoming.r53-2.services.mozilla.com 34.120.208.123 true
www.reddit.com unknown unknown
spocs.getpocket.com unknown unknown
content-signature-2.cdn.mozilla.net unknown unknown
support.mozilla.org unknown unknown
firefox.settings.services.mozilla.com unknown unknown
www.youtube.com unknown unknown
www.facebook.com unknown unknown
detectportal.firefox.com unknown unknown
normandy.cdn.mozilla.net unknown unknown
shavar.services.mozilla.com unknown unknown
www.wikipedia.org unknown unknown