Windows Analysis Report file.exe

Connects to many different domains

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64465 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64471 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64472 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64473 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64475 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.4:64474 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64479 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64481 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64480 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64482 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.113.102:443 -> 192.168.2.4:50919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51029 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51030 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51031 version: TLS 1.2

Source:	Binary string: The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: "description": "The name of the library's debug file. For example, 'xul.pdb" source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: The results that the provider fetched for the query.Retrieves information about a single contextual identity.Unregister a content script registered programmaticallyReturns the value of the overridden new tab page. Read-only.This setting controls whether the document's fonts are used.The name of the provider whose behavior the listener returns.If true, the text in the urlbar will also be selected.Creates a contextual identity with the given data.Details about the contextual identity being created.After which mouse event context menus should popup.Whether to focus the input field and select its contents.Text and icons for up to two notification action buttons.The set of notifications currently in the system.Title of the notification (e.g. sender name for email).A URL to the image thumbnail for image-type notifications.The name of the file inside the profile/profiler directoryGathers the profile data from the current profiling session.The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0081DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008268EE FindFirstFileW,FindClose,	0_2_008268EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_0082698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00829642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0082979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00829B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00825C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00825C97

Source: firefox.exe

Memory has grown: Private usage: 0MB later: 75MB

Source: unknown

Network traffic detected: DNS query count 31

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View	IP Address: 151.101.129.91 151.101.129.91
Source: Joe Sandbox View	IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View	IP Address: 34.160.144.191 34.160.144.191

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,

0_2_0082CE44

Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://pubads.g.doubleclick.net/gampad/ad*://.adsafeprotected.com/services/pub://www.facebook.com/platform/impression.php://pixel.advertising.com/firefox-etp--autocomplete-popup-separator-colorresource://gre/modules/AddonManager.sys.mjs equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2014066838.000001894F839000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2066548636.000001894F77C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Wikipedia"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Reddit"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Twitter"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E05B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2057531835.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E05B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionhttps://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionhttps://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]][{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "*:
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D939000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D939000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2057531835.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2066548636.000001894F77C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: resource://gre/modules/JSONFile.sys.mjsresource://gre/modules/ExtHandlerService.sys.mjshttps://e.mail.ru/cgi-bin/sentmsg?mailto=%sresource://gre/modules/URIFixup.sys.mjs@mozilla.org/network/async-stream-copier;1https://poczta.interia.pl/mh/?mailto=%s@mozilla.org/uriloader/dbus-handler-app;1http://www.inbox.lv/rfc2368/?value=%s_injectDefaultProtocolHandlersIfNeededresource://gre/modules/DeferredTask.sys.mjs{33d75835-722f-42c0-89cc-44f328e56a86}extractScheme/fixupChangedProtocol<isDownloadsImprovementsAlreadyMigratedresource://gre/modules/FileUtils.sys.mjshttps://mail.inbox.lv/compose?to=%shttps://mail.yahoo.co.jp/compose/?To=%sCan't invoke URIFixup in the content processhttp://win.mail.ru/cgi-bin/sentmsg?mailto=%s{c6cf88b7-452e-47eb-bdc9-86e3561648ef}resource://gre/modules/JSONFile.sys.mjshandlerSvc fillHandlerInfo: don't know this type@mozilla.org/uriloader/web-handler-app;1resource://gre/modules/FileUtils.sys.mjsnewChannel requires a single object argumentNon-zero amount of bytes must be specified@mozilla.org/intl/converter-input-stream;1https://e.mail.ru/cgi-bin/sentmsg?mailto=%shttps://mail.inbox.lv/compose?to=%spdfjs.previousHandler.alwaysAskBeforeHandling@mozilla.org/uriloader/handler-service;1VALIDATE_DONT_COLLAPSE_WHITESPACESEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULLpdfjs.previousHandler.preferredActionhttps://mail.yandex.ru/compose?mailto=%s@mozilla.org/uriloader/handler-service;1First argument should be an nsIInputStream@mozilla.org/network/input-stream-pump;1Must have a source and a callback@mozilla.org/scriptableinputstream;1https://poczta.interia.pl/mh/?mailto=%sresource://gre/modules/Integration.sys.mjshttps://mail.yahoo.co.jp/compose/?To=%s@mozilla.org/network/simple-stream-listener;1 equals www.yahoo.com (Yahoo)
Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2069789590.000001895BDAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E05B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2092862807.000001895C415000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com

Source: firefox.exe, 0000000D.00000002.1813518257.0000019A71B93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/NetUtil.sys.mjs
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/NetUtil.sys.mjshttp://poczta.
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DDB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000001C.00000003.2049648533.000001895BB1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045185865.000001895C05E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.htmlbrowser.crashReports.unsubmittedCheck.Selected
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DDB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DDB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045185865.000001895C05E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/math
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 0000000D.00000002.1804860653.0000019A62103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/stringsp
Source: firefox.exe, 0000001C.00000003.1995019283.000001895667A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 0000001C.00000003.2069789590.000001895BDAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2047756305.000001895BDAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 0000000D.00000002.1816841006.0000019A72295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813518257.0000019A71B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1817637326.0000019A72ACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1814151579.0000019A71D04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1815265178.0000019A720DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1814151579.0000019A71D3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813161249.0000019A71A48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1817441058.0000019A72403000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1816507435.0000019A72186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1815265178.0000019A720FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806510380.0000019A6DAA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1817637326.0000019A72A03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1819386390.0000019A72B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1823543005.0000019A73E76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1810646353.0000019A6F754000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1815265178.0000019A720F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1823543005.0000019A73E86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1814151579.0000019A71D07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1823543005.0000019A73E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 0000001C.00000003.1861243377.000001894F16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/cld/languages/internal/languages.cc
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 0000001C.00000003.1860441553.000001894EF83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1861127010.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s_injectDefaultProtocolHandlersIfNeededresource://gre/modules/De
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 0000001C.00000003.1911178538.0000018955F96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-update
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updateSILENT_UPDATE_NEEDED_ELEVATION_ERRORchrome://branding/locale/b
Source: firefox.exe, 0000001C.00000003.2006492678.000001894E339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1874356270.000001894D763000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000001C.00000003.2006492678.000001894E339000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul4e
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul:
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul:scope
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E33A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulUpdateServiceStub:migrateFile
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/arrows
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/browse
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E39E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://passwordmgr/locale/passwordmgr
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E39E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulhttp://www.mozilla.org/keymaster/gateke
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E39E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/BrowserTelemetry
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://services-settings/remote-set
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000001C.00000003.2093675723.000001895BE97000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 0000000D.00000003.1788423626.0000019A71D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787444831.0000019A71B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813059467.0000019A71970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788221967.0000019A71D5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059937462.000001894FEAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/get
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.ca
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.caControllerCommands:DoWithParamsget
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000001C.00000003.2012940249.000001894F791000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1933510585.000001894F791000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1933783374.000001894F813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2015109560.000001894F813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2016743925.000001895D827000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1933337286.000001894F78A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1973768851.000001894F791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000D.00000002.1805552874.0000019A63E97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RESTART_ARG_3=--no-d
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.orgcreateContentPrincipalFromOriginhttps://monitor.firefox.combrowser.handler
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DD7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2089975688.000001895DD80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000001C.00000003.1937180303.000001894F89C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 0000001C.00000003.1937180303.000001894F89C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000001C.00000003.2071047028.000001895B1B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000001C.00000003.2099236274.000001895B1B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000000D.00000002.1804860653.0000019A62111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: firefox.exe, 0000001C.00000003.2045185865.000001895C05E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baidu.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: firefox.exe, 0000001C.00000003.2087662443.000001895E0D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
Source: firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
Source: firefox.exe, 0000001C.00000003.1856387257.000001894E6BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180D
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180PlacesToolbarHelper.populateManagedBookmarks(thi
Source: firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464https://bugzilla.mozilla.org/show_bug.cgi?id=160
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678942
Source: firefox.exe, 0000001C.00000003.2018690293.000001895C360000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937526624.000001894F898000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937035047.000001894F898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=806991
Source: firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937077978.000001894F894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937566753.000001894F894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877832023.000001894F1CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000D.00000002.1804860653.0000019A62130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1804860653.0000019A62111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DD7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2089975688.000001895DD80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2012940249.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2039149892.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1865362093.000001894F2B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1867897595.000001894F2B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1983835719.000001894F2B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045185865.000001895C098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2057888750.000001895C098000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsjar
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 0000000D.00000003.1788423626.0000019A71D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787444831.0000019A71B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1824537165.00000D5D62704000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813059467.0000019A71970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788221967.0000019A71D5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1824745482.00002311B0504000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059937462.000001894FEAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%shttps://mail.inbox.lv/compose?to=%spdfjs.previousHandler.
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sresource://gre/modules/URIFixup.sys.mjs
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ebay.com
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2084220193.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000001C.00000003.1916381879.000001895BF1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E33A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2036568103.000001894B01C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2075902936.000001894B01C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2005070380.000001894B013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordshttps
Source: firefox.exe, 0000001C.00000003.2099072364.000001895B1EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 0000001C.00000003.2099236274.000001895B1B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 0000001C.00000003.2022799235.000001894A0BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1Failed
Source: firefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1i
Source: firefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1i#
Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2084220193.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabControl
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 0000001C.00000003.2073604226.00000189517EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000000D.00000002.1809767184.0000019A6F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 0000001C.00000003.2002381183.0000018951641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1992060889.0000018951630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1975460679.0000018951630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 0000001C.00000003.2002381183.0000018951641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1992060889.0000018951630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1975460679.0000018951630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 0000000D.00000003.1788423626.0000019A71D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787444831.0000019A71B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813059467.0000019A71970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788221967.0000019A71D5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877964039.000001894F170000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotsexperiment-apis/aboutConfigPrefs.jsonexperiment-apis/
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotshttps://screenshots.firefox.com/
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla/webcompat-reporter
Source: firefox.exe, 0000001C.00000003.2099236274.000001895B1C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1804860653.0000019A62111000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2022799235.000001894A0BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Use
Source: firefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881a
Source: firefox.exe, 0000001C.00000003.2051902537.000001895D75F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2012940249.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2039149892.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2051534757.000001895D7AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000001C.00000003.2092467473.000001895C4EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E069000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E069000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E069000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2101094463.00000189581A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000001C.00000003.2087662443.000001895E0D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/9d53db1a-28de-4067-8ed4-824e8
Source: firefox.exe, 0000001C.00000003.2071047028.000001895B1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2099236274.000001895B1BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/657536d3-2c23-4641-bf4d-4fac
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submitresource://gre/modules/SearchService.sys.mjshttps://get
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000001C.00000003.2070243027.000001895BB40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000000D.00000002.1822821026.0000019A73188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 0000000D.00000002.1822821026.0000019A731E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E3E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%extensions.formautofill.credit
Source: firefox.exe, 0000000D.00000002.1816841006.0000019A7227B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 0000001C.00000003.1922308385.000001895C2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1919828600.000001895C2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2018864375.000001895C2B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1984425228.000001895C2A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2065584117.000001895C2B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 0000001C.00000003.1922308385.000001895C2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1919828600.000001895C2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2018864375.000001895C2B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1984425228.000001895C2A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2065584117.000001895C2B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comZ
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comdevtools.debugger.features.windowless-service-workershttps://bugzilla.mozilla.
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.comresource:///modules/ExtensionsUI.sys.mjs
Source: firefox.exe, 0000001C.00000003.2012940249.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2039149892.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 0000000D.00000002.1809914920.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1809767184.0000019A6F220000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790293435.0000019A6F533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EFD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sPdfJs.init
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%schrome://browser/content/schemas/chrome_settings_o
Source: firefox.exe, 0000000D.00000002.1809914920.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790293435.0000019A6F533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%shttps://mail.yahoo.co.jp/compose/?To=%sCan
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 0000000D.00000002.1809914920.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790293435.0000019A6F533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000000D.00000002.1804860653.0000019A621D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28A72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestresource://gre/modules/TelemetryEnvironment.sys.mj
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E2B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000D.00000002.1824628036.00001607DE004000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1978669403.000001894E6B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1856387257.000001894E6BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mozilla.org/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mzl.la/3NS9KJd
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ok.ru/
Source: firefox.exe, 0000000D.00000002.1809914920.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790293435.0000019A6F533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%sMicrosoft
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 0000001C.00000003.2023671339.000001894D598000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2031535124.000001894D598000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.comTY8H
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.comdch_handle/handleNotification/
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000001C.00000003.2072931595.0000018951DA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2084645948.0000018951DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E2B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/#
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/shims/google-safeframe.html
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/shims/google-safeframe.htmlshims/mochitest-shim-1.jsshims/rambler-au
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000001C.00000003.2069789590.000001895BDC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2096738785.000001895BDC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svgpictureinpicture%40mozilla.org:1.0.0webcompat-reporter
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2084220193.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/userDISCOVERY_STREAM_RECENT_SAVES
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/userDISCOVERY_STREAM_RECENT_SAVESpreffedRegionsBlockStringDISCOVERY_STRE
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2067931283.000001895BEDB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000001C.00000003.2051534757.000001895D776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2091242307.000001895D777000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 0000001C.00000003.2092622713.000001895C4E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2030314381.000001895C4DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DD7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/security-error
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071047028.000001895B1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2081319523.000001895BE72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2099236274.000001895B1BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BE71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043144215.000001895DD1D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-help
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-helpUpdateService:_postU
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911178538.0000018955F85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1987500115.0000018955F85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/website-translation
Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 0000001C.00000003.1860500592.000001894EF53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1861127010.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-west-first-party-cookies).
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com
Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000001C.00000003.2043664365.000001895C425000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E33A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877832023.000001894F1CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2095605311.000001895BE46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2047045540.000001895BE46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 0000001C.00000003.1861127010.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.certificate-transparency.org/what-is-ct
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: firefox.exe, 0000001C.00000003.2073604226.00000189517FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 0000001C.00000003.1912937133.0000018956408000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911648074.0000018951653000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877832023.000001894F1CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/
Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/searchget
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000001C.00000003.2093285023.000001895C193000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2044402728.000001895C18C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2053489735.000001895C18C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1803921378.0000001EEB8BC000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1825024377.000039FCAB304000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2067931283.000001895BEA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2067931283.000001895BEDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2069789590.000001895BDF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: firefox.exe, 0000001C.00000003.1916381879.000001895BF1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: firefox.exe, 0000001C.00000003.2092622713.000001895C4E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2030314381.000001895C4DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 0000001C.00000003.2079297211.000001895E0D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 0000001C.00000003.2070243027.000001895BB84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2095605311.000001895BE2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2097446779.000001895BB84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 0000001C.00000003.2092622713.000001895C4E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2030314381.000001895C4DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000001C.00000003.1937566753.000001894F894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/new/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000000F.00000002.1804068215.0000020B28ACB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000D.00000002.1813161249.0000019A71A48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000001C.00000003.2095605311.000001895BE2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D939000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/s
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.orgmodificationTime
Source: firefox.exe, 0000000D.00000002.1803921378.0000001EEB8BC000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.orgo
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806510380.0000019A6DAA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000001C.00000003.2043664365.000001895C425000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sling.com/
Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2014066838.000001894F839000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.widevine.com/
Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com
Source: firefox.exe, 0000001C.00000003.2084645948.0000018951DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account
Source: firefox.exe, 0000000F.00000002.1804736129.0000020B28B80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigD
Source: firefox.exe, 0000001C.00000003.2053489735.000001895C18C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2098839671.000001895BB1D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000B.00000002.1754712241.000001B05CB0A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1783060584.000001DDE5AB9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1804511793.0000019A61DB9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.1837723501.00000250A6C47000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.1849983595.000002E42EBA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdBoolean
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdCheckerService:#upda
Source: firefox.exe, 0000000D.00000002.1810646353.0000019A6F7A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1805552874.0000019A63E83000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1805552874.0000019A63DBA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804736129.0000020B28B84000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803795576.0000020B28770000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2086540729.000001894E5B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
Source: firefox.exe, 0000000D.00000002.1804511793.0000019A61DB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdOR
Source: firefox.exe, 0000000D.00000002.1804860653.0000019A62111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdPO
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdThe
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/accountservices.sync.log.logger.browsereEditorEnableWrapHackMaskeNewlinesReplace
Source: firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2066233540.000001895C236000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com?

Source: unknown	Network traffic detected: HTTP traffic on port 64475 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64462
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64461
Source: unknown	Network traffic detected: HTTP traffic on port 64469 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64462 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64465 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64481 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51031
Source: unknown	Network traffic detected: HTTP traffic on port 50919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64457
Source: unknown	Network traffic detected: HTTP traffic on port 64459 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64472 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64478 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64456
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64459
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64471
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64470
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64473
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64472
Source: unknown	Network traffic detected: HTTP traffic on port 64468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64482 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64464
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64466
Source: unknown	Network traffic detected: HTTP traffic on port 64479 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64465
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64468
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64467
Source: unknown	Network traffic detected: HTTP traffic on port 64471 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64469
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64480
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64482
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64481
Source: unknown	Network traffic detected: HTTP traffic on port 64467 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64475
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64470 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64474
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64477
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64476
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64479
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64478
Source: unknown	Network traffic detected: HTTP traffic on port 64474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64457 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 64476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 64466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64480 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 64477 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64473 -> 443

Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64465 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64471 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64472 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64473 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64475 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.4:64474 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64479 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64481 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64480 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64482 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.113.102:443 -> 192.168.2.4:50919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51029 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51030 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51031 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

Contains functionality to modify clipboard data

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_0082ED6A

Contains functionality to read the clipboard data

Source: C:\Users\user\Desktop\file.exe

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_0081AA57

Potential key logger detected (key state polling based)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00849576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00849576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_1d5542a4-3
Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_61ff9ed4-3

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_0081D5EB

Contains functionality to launch a process as a different user

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00811201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_0081E8F6

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B8060	0_2_007B8060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00822046	0_2_00822046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00818298	0_2_00818298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE4FF	0_2_007EE4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E676B	0_2_007E676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844873	0_2_00844873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BCAF0	0_2_007BCAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DCAA0	0_2_007DCAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CCC39	0_2_007CCC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E6DD9	0_2_007E6DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CB119	0_2_007CB119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B91C0	0_2_007B91C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1394	0_2_007D1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1706	0_2_007D1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D781B	0_2_007D781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C997D	0_2_007C997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B7920	0_2_007B7920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D19B0	0_2_007D19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D7A4A	0_2_007D7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1C77	0_2_007D1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D7CA7	0_2_007D7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E9EEE	0_2_007E9EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083BE44	0_2_0083BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1F32	0_2_007D1F32

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007CF9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007D0A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007B9CB3 appears 31 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@55/38@69/13

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008237B5 GetLastError,FormatMessageW,

0_2_008237B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008110BF AdjustTokenPrivileges,CloseHandle,		0_2_008110BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_008116C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_008251CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0081D4DC

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0082648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_007B42A2

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7628:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3384:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6424:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1136:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3328:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7448:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7512:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7692:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7704:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3848:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2568:120:WilError_03

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Temp\firefox

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000001C.00000003.2071047028.000001895B1EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;

Source: file.exe

ReversingLabs: Detection: 47%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Windows\System32\conhost.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2208 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {308dec56-a9e5-4107-a009-d3ff39bebe95} 5824 "\\.\pipe\gecko-crash-server-pipe.5824" 19a62170d10 socket
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25359 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f1747b7-9f91-4c38-9d2f-6eda4767631b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1893e96e910 socket
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 1524 -prefMapHandle 4668 -prefsLen 32371 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f54f232-a1db-4584-a609-d58d2c4ec88b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1895a838710 utility
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2208 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {308dec56-a9e5-4107-a009-d3ff39bebe95} 5824 "\\.\pipe\gecko-crash-server-pipe.5824" 19a62170d10 socket	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25359 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f1747b7-9f91-4c38-9d2f-6eda4767631b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1893e96e910 socket	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 1524 -prefMapHandle 4668 -prefsLen 32371 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f54f232-a1db-4584-a609-d58d2c4ec88b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1895a838710 utility	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.ini

Contains functionality to dynamically determine API calls

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: "description": "The name of the library's debug file. For example, 'xul.pdb" source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: The results that the provider fetched for the query.Retrieves information about a single contextual identity.Unregister a content script registered programmaticallyReturns the value of the overridden new tab page. Read-only.This setting controls whether the document's fonts are used.The name of the provider whose behavior the listener returns.If true, the text in the urlbar will also be selected.Creates a contextual identity with the given data.Details about the contextual identity being created.After which mouse event context menus should popup.Whether to focus the input field and select its contents.Text and icons for up to two notification action buttons.The set of notifications currently in the system.Title of the notification (e.g. sender name for email).A URL to the image thumbnail for image-type notifications.The name of the file inside the profile/profiler directoryGathers the profile data from the current profiling session.The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

PE file contains sections with non-standard names

Source: gmpopenh264.dll.tmp.28.dr

Static PE information: section name: .rodata

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D0A76 push ecx; ret

0_2_007D0A89

Drops PE files

Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp			Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)			Jump to dropped file

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_007CF98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00841C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00841C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.5 %

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0081DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008268EE FindFirstFileW,FindClose,	0_2_008268EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_0082698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00829642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0082979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00829B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00825C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00825C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

Source: firefox.exe, 0000000D.00000002.1805552874.0000019A63DE4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1805552874.0000019A63DB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803795576.0000020B287A8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803795576.0000020B2877A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804833476.0000020B28C19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000000F.00000002.1803795576.0000020B2877A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWpMz(
Source: firefox.exe, 0000000F.00000002.1803795576.0000020B287A8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1805115662.0000020B29040000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082EAA2 BlockInput,

0_2_0082EAA2

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_007E2622

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D4CE8 mov eax, dword ptr fs:[00000030h]

0_2_007D4CE8

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00810B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

Contains functionality to execute programs as a different user

Enables debug privileges

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_007E2622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_007D083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D09D5 SetUnhandledExceptionFilter,	0_2_007D09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_007D0C21

Source: C:\Users\user\Desktop\file.exe

Contains functionality to launch a program with higher privileges

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007F2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_007F2BA5

Contains functionality to simulate keystroke presses

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081B226 SendInput,keybd_event,

0_2_0081B226

Contains functionality to simulate mouse events

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008322DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_008322DA

Uses taskkill to terminate processes

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00811663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00811663

Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D0698 cpuid

0_2_007D0698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00828195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00828195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0080D27A GetUserNameW,

0_2_0080D27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007EBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_007EBB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Stealing of Sensitive Information

OS version to string mapping found (often used in BOTs)

Source: Yara match	File source: 00000000.00000003.1866585631.000000000153F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6212, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: Yara match	File source: 00000000.00000003.1866585631.000000000153F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6212, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00831204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00831204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00831806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00831806

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.206	youtube.com	United States	15169	GOOGLEUS	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
151.101.129.91	services.addons.mozilla.org	United States	54113	FASTLYUS	false
34.107.243.93	push.services.mozilla.com	United States	15169	GOOGLEUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
142.250.113.102	unknown	United States	15169	GOOGLEUS	false
35.201.103.21	normandy-cdn.services.mozilla.com	United States	15169	GOOGLEUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
34.120.208.123	telemetry-incoming.r53-2.services.mozilla.com	United States	15169	GOOGLEUS	false

Private

IP
127.0.0.1

Contacted Domains

Name	IP	Active
example.org	93.184.215.14	true
star-mini.c10r.facebook.com	157.240.0.35	true
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true
twitter.com	104.244.42.65	true
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true
services.addons.mozilla.org	151.101.129.91	true
dyna.wikimedia.org	185.15.59.224	true
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true
contile.services.mozilla.com	34.117.188.166	true
youtube.com	142.250.185.206	true
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true
youtube-ui.l.google.com	142.250.185.142	true
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true
reddit.map.fastly.net	151.101.65.140	true
ipv4only.arpa	192.0.0.171	true
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true
push.services.mozilla.com	34.107.243.93	true
normandy-cdn.services.mozilla.com	35.201.103.21	true
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true
www.reddit.com	unknown	unknown
spocs.getpocket.com	unknown	unknown
content-signature-2.cdn.mozilla.net	unknown	unknown
support.mozilla.org	unknown	unknown
firefox.settings.services.mozilla.com	unknown	unknown
www.youtube.com	unknown	unknown
www.facebook.com	unknown	unknown
detectportal.firefox.com	unknown	unknown
normandy.cdn.mozilla.net	unknown	unknown
shavar.services.mozilla.com	unknown	unknown
www.wikipedia.org	unknown	unknown

AV Detection

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 47%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.3% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Connects to many different domains

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64465 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64471 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64472 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64473 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64475 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.4:64474 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64479 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64481 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64480 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64482 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.113.102:443 -> 192.168.2.4:50919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51029 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51030 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51031 version: TLS 1.2

Source:	Binary string: The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: "description": "The name of the library's debug file. For example, 'xul.pdb" source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: The results that the provider fetched for the query.Retrieves information about a single contextual identity.Unregister a content script registered programmaticallyReturns the value of the overridden new tab page. Read-only.This setting controls whether the document's fonts are used.The name of the provider whose behavior the listener returns.If true, the text in the urlbar will also be selected.Creates a contextual identity with the given data.Details about the contextual identity being created.After which mouse event context menus should popup.Whether to focus the input field and select its contents.Text and icons for up to two notification action buttons.The set of notifications currently in the system.Title of the notification (e.g. sender name for email).A URL to the image thumbnail for image-type notifications.The name of the file inside the profile/profiler directoryGathers the profile data from the current profiling session.The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0081DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008268EE FindFirstFileW,FindClose,	0_2_008268EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_0082698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00829642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0082979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00829B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00825C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00825C97

Source: firefox.exe

Memory has grown: Private usage: 0MB later: 75MB

Source: unknown

Network traffic detected: DNS query count 31

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View	IP Address: 151.101.129.91 151.101.129.91
Source: Joe Sandbox View	IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View	IP Address: 34.160.144.191 34.160.144.191

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.113.102
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,

0_2_0082CE44

Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://pubads.g.doubleclick.net/gampad/ad*://.adsafeprotected.com/services/pub://www.facebook.com/platform/impression.php://pixel.advertising.com/firefox-etp--autocomplete-popup-separator-colorresource://gre/modules/AddonManager.sys.mjs equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2014066838.000001894F839000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2066548636.000001894F77C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Wikipedia"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Reddit"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Twitter"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E05B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2057531835.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E05B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionhttps://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionhttps://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]][{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "*:
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D939000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D939000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2057531835.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2066548636.000001894F77C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: resource://gre/modules/JSONFile.sys.mjsresource://gre/modules/ExtHandlerService.sys.mjshttps://e.mail.ru/cgi-bin/sentmsg?mailto=%sresource://gre/modules/URIFixup.sys.mjs@mozilla.org/network/async-stream-copier;1https://poczta.interia.pl/mh/?mailto=%s@mozilla.org/uriloader/dbus-handler-app;1http://www.inbox.lv/rfc2368/?value=%s_injectDefaultProtocolHandlersIfNeededresource://gre/modules/DeferredTask.sys.mjs{33d75835-722f-42c0-89cc-44f328e56a86}extractScheme/fixupChangedProtocol<isDownloadsImprovementsAlreadyMigratedresource://gre/modules/FileUtils.sys.mjshttps://mail.inbox.lv/compose?to=%shttps://mail.yahoo.co.jp/compose/?To=%sCan't invoke URIFixup in the content processhttp://win.mail.ru/cgi-bin/sentmsg?mailto=%s{c6cf88b7-452e-47eb-bdc9-86e3561648ef}resource://gre/modules/JSONFile.sys.mjshandlerSvc fillHandlerInfo: don't know this type@mozilla.org/uriloader/web-handler-app;1resource://gre/modules/FileUtils.sys.mjsnewChannel requires a single object argumentNon-zero amount of bytes must be specified@mozilla.org/intl/converter-input-stream;1https://e.mail.ru/cgi-bin/sentmsg?mailto=%shttps://mail.inbox.lv/compose?to=%spdfjs.previousHandler.alwaysAskBeforeHandling@mozilla.org/uriloader/handler-service;1VALIDATE_DONT_COLLAPSE_WHITESPACESEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULLpdfjs.previousHandler.preferredActionhttps://mail.yandex.ru/compose?mailto=%s@mozilla.org/uriloader/handler-service;1First argument should be an nsIInputStream@mozilla.org/network/input-stream-pump;1Must have a source and a callback@mozilla.org/scriptableinputstream;1https://poczta.interia.pl/mh/?mailto=%sresource://gre/modules/Integration.sys.mjshttps://mail.yahoo.co.jp/compose/?To=%s@mozilla.org/network/simple-stream-listener;1 equals www.yahoo.com (Yahoo)
Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2069789590.000001895BDAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E05B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2092862807.000001895C415000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com

Source: firefox.exe, 0000000D.00000002.1813518257.0000019A71B93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/NetUtil.sys.mjs
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/NetUtil.sys.mjshttp://poczta.
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DDB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000001C.00000003.2049648533.000001895BB1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045185865.000001895C05E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.htmlbrowser.crashReports.unsubmittedCheck.Selected
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DDB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DDB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045185865.000001895C05E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/math
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 0000000D.00000002.1804860653.0000019A62103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/stringsp
Source: firefox.exe, 0000001C.00000003.1995019283.000001895667A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 0000001C.00000003.2069789590.000001895BDAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2047756305.000001895BDAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 0000000D.00000002.1816841006.0000019A72295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813518257.0000019A71B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1817637326.0000019A72ACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1814151579.0000019A71D04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1815265178.0000019A720DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1814151579.0000019A71D3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813161249.0000019A71A48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1817441058.0000019A72403000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1816507435.0000019A72186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1815265178.0000019A720FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806510380.0000019A6DAA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1817637326.0000019A72A03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1819386390.0000019A72B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1823543005.0000019A73E76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1810646353.0000019A6F754000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1815265178.0000019A720F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1823543005.0000019A73E86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1814151579.0000019A71D07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1823543005.0000019A73E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 0000001C.00000003.1861243377.000001894F16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/cld/languages/internal/languages.cc
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 0000001C.00000003.1860441553.000001894EF83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1861127010.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s_injectDefaultProtocolHandlersIfNeededresource://gre/modules/De
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 0000001C.00000003.1911178538.0000018955F96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-update
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updateSILENT_UPDATE_NEEDED_ELEVATION_ERRORchrome://branding/locale/b
Source: firefox.exe, 0000001C.00000003.2006492678.000001894E339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1874356270.000001894D763000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000001C.00000003.2006492678.000001894E339000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul4e
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul:
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul:scope
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E33A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulUpdateServiceStub:migrateFile
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/arrows
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/browse
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E39E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://passwordmgr/locale/passwordmgr
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E39E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulhttp://www.mozilla.org/keymaster/gateke
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E39E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/BrowserTelemetry
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://services-settings/remote-set
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000001C.00000003.2093675723.000001895BE97000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 0000000D.00000003.1788423626.0000019A71D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787444831.0000019A71B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813059467.0000019A71970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788221967.0000019A71D5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059937462.000001894FEAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/get
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.ca
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.caControllerCommands:DoWithParamsget
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000001C.00000003.2012940249.000001894F791000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1933510585.000001894F791000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1933783374.000001894F813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2015109560.000001894F813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2016743925.000001895D827000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1933337286.000001894F78A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1973768851.000001894F791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000D.00000002.1805552874.0000019A63E97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RESTART_ARG_3=--no-d
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.orgcreateContentPrincipalFromOriginhttps://monitor.firefox.combrowser.handler
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DD7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2089975688.000001895DD80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000001C.00000003.1937180303.000001894F89C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 0000001C.00000003.1937180303.000001894F89C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000001C.00000003.2071047028.000001895B1B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000001C.00000003.2099236274.000001895B1B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000000D.00000002.1804860653.0000019A62111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: firefox.exe, 0000001C.00000003.2045185865.000001895C05E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baidu.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: firefox.exe, 0000001C.00000003.2087662443.000001895E0D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
Source: firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
Source: firefox.exe, 0000001C.00000003.1856387257.000001894E6BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180D
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180PlacesToolbarHelper.populateManagedBookmarks(thi
Source: firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464https://bugzilla.mozilla.org/show_bug.cgi?id=160
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678942
Source: firefox.exe, 0000001C.00000003.2018690293.000001895C360000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937526624.000001894F898000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937035047.000001894F898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=806991
Source: firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937077978.000001894F894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937566753.000001894F894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877832023.000001894F1CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000D.00000002.1804860653.0000019A62130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1804860653.0000019A62111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DD7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2089975688.000001895DD80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2012940249.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2039149892.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1865362093.000001894F2B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1867897595.000001894F2B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1983835719.000001894F2B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045185865.000001895C098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2057888750.000001895C098000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsjar
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 0000000D.00000003.1788423626.0000019A71D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787444831.0000019A71B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1824537165.00000D5D62704000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813059467.0000019A71970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788221967.0000019A71D5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1824745482.00002311B0504000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059937462.000001894FEAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%shttps://mail.inbox.lv/compose?to=%spdfjs.previousHandler.
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sresource://gre/modules/URIFixup.sys.mjs
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ebay.com
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2084220193.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000001C.00000003.1916381879.000001895BF1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E33A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2036568103.000001894B01C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2075902936.000001894B01C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2005070380.000001894B013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordshttps
Source: firefox.exe, 0000001C.00000003.2099072364.000001895B1EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 0000001C.00000003.2099236274.000001895B1B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 0000001C.00000003.2022799235.000001894A0BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1Failed
Source: firefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1i
Source: firefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1i#
Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2084220193.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabControl
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 0000001C.00000003.2073604226.00000189517EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000000D.00000002.1809767184.0000019A6F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 0000001C.00000003.2002381183.0000018951641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1992060889.0000018951630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1975460679.0000018951630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 0000001C.00000003.2002381183.0000018951641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1992060889.0000018951630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1975460679.0000018951630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 0000000D.00000003.1788423626.0000019A71D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787444831.0000019A71B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813059467.0000019A71970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788221967.0000019A71D5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877964039.000001894F170000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotsexperiment-apis/aboutConfigPrefs.jsonexperiment-apis/
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotshttps://screenshots.firefox.com/
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla/webcompat-reporter
Source: firefox.exe, 0000001C.00000003.2099236274.000001895B1C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1804860653.0000019A62111000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2022799235.000001894A0BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Use
Source: firefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881a
Source: firefox.exe, 0000001C.00000003.2051902537.000001895D75F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2012940249.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2039149892.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2051534757.000001895D7AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000001C.00000003.2092467473.000001895C4EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E069000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E069000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E069000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2101094463.00000189581A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000001C.00000003.2087662443.000001895E0D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/9d53db1a-28de-4067-8ed4-824e8
Source: firefox.exe, 0000001C.00000003.2071047028.000001895B1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2099236274.000001895B1BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/657536d3-2c23-4641-bf4d-4fac
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submitresource://gre/modules/SearchService.sys.mjshttps://get
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000001C.00000003.2070243027.000001895BB40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000000D.00000002.1822821026.0000019A73188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 0000000D.00000002.1822821026.0000019A731E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E3E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%extensions.formautofill.credit
Source: firefox.exe, 0000000D.00000002.1816841006.0000019A7227B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 0000001C.00000003.1922308385.000001895C2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1919828600.000001895C2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2018864375.000001895C2B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1984425228.000001895C2A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2065584117.000001895C2B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 0000001C.00000003.1922308385.000001895C2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1919828600.000001895C2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2018864375.000001895C2B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1984425228.000001895C2A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2065584117.000001895C2B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comZ
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comdevtools.debugger.features.windowless-service-workershttps://bugzilla.mozilla.
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.comresource:///modules/ExtensionsUI.sys.mjs
Source: firefox.exe, 0000001C.00000003.2012940249.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2039149892.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 0000000D.00000002.1809914920.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1809767184.0000019A6F220000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790293435.0000019A6F533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EFD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sPdfJs.init
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%schrome://browser/content/schemas/chrome_settings_o
Source: firefox.exe, 0000000D.00000002.1809914920.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790293435.0000019A6F533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%shttps://mail.yahoo.co.jp/compose/?To=%sCan
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 0000000D.00000002.1809914920.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790293435.0000019A6F533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000000D.00000002.1804860653.0000019A621D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28A72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestresource://gre/modules/TelemetryEnvironment.sys.mj
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E2B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000D.00000002.1824628036.00001607DE004000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1978669403.000001894E6B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1856387257.000001894E6BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mozilla.org/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mzl.la/3NS9KJd
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ok.ru/
Source: firefox.exe, 0000000D.00000002.1809914920.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790293435.0000019A6F533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%sMicrosoft
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 0000001C.00000003.2023671339.000001894D598000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2031535124.000001894D598000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.comTY8H
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.comdch_handle/handleNotification/
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000001C.00000003.2072931595.0000018951DA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2084645948.0000018951DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E2B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/#
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/shims/google-safeframe.html
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/shims/google-safeframe.htmlshims/mochitest-shim-1.jsshims/rambler-au
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000001C.00000003.2069789590.000001895BDC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2096738785.000001895BDC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svgpictureinpicture%40mozilla.org:1.0.0webcompat-reporter
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2084220193.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/userDISCOVERY_STREAM_RECENT_SAVES
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/userDISCOVERY_STREAM_RECENT_SAVESpreffedRegionsBlockStringDISCOVERY_STRE
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2067931283.000001895BEDB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000001C.00000003.2051534757.000001895D776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2091242307.000001895D777000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 0000001C.00000003.2092622713.000001895C4E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2030314381.000001895C4DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 0000001C.00000003.2029974559.000001895DD7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/security-error
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071047028.000001895B1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2081319523.000001895BE72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2099236274.000001895B1BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BE71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043144215.000001895DD1D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-help
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-helpUpdateService:_postU
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911178538.0000018955F85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1987500115.0000018955F85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/website-translation
Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 0000001C.00000003.1860500592.000001894EF53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1861127010.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-west-first-party-cookies).
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com
Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000001C.00000003.2043664365.000001895C425000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E33A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877832023.000001894F1CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2095605311.000001895BE46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2047045540.000001895BE46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 0000001C.00000003.1861127010.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.certificate-transparency.org/what-is-ct
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: firefox.exe, 0000001C.00000003.2073604226.00000189517FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 0000001C.00000003.1912937133.0000018956408000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911648074.0000018951653000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877832023.000001894F1CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/
Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/searchget
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000001C.00000003.2093285023.000001895C193000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2044402728.000001895C18C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2053489735.000001895C18C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1803921378.0000001EEB8BC000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1825024377.000039FCAB304000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2067931283.000001895BEA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2067931283.000001895BEDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2069789590.000001895BDF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: firefox.exe, 0000001C.00000003.1916381879.000001895BF1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: firefox.exe, 0000001C.00000003.2092622713.000001895C4E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2030314381.000001895C4DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 0000001C.00000003.2079297211.000001895E0D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 0000001C.00000003.2070243027.000001895BB84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2095605311.000001895BE2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2097446779.000001895BB84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 0000001C.00000003.2092622713.000001895C4E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2030314381.000001895C4DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000001C.00000003.1937566753.000001894F894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/new/
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000000F.00000002.1804068215.0000020B28ACB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000D.00000002.1813161249.0000019A71A48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000001C.00000003.2095605311.000001895BE2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D939000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/s
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.orgmodificationTime
Source: firefox.exe, 0000000D.00000002.1803921378.0000001EEB8BC000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.orgo
Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806510380.0000019A6DAA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000001C.00000003.2043664365.000001895C425000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sling.com/
Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2014066838.000001894F839000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.widevine.com/
Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com
Source: firefox.exe, 0000001C.00000003.2084645948.0000018951DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account
Source: firefox.exe, 0000000F.00000002.1804736129.0000020B28B80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigD
Source: firefox.exe, 0000001C.00000003.2053489735.000001895C18C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2098839671.000001895BB1D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000B.00000002.1754712241.000001B05CB0A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1783060584.000001DDE5AB9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1804511793.0000019A61DB9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.1837723501.00000250A6C47000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.1849983595.000002E42EBA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdBoolean
Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdCheckerService:#upda
Source: firefox.exe, 0000000D.00000002.1810646353.0000019A6F7A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1805552874.0000019A63E83000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1805552874.0000019A63DBA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804736129.0000020B28B84000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803795576.0000020B28770000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2086540729.000001894E5B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
Source: firefox.exe, 0000000D.00000002.1804511793.0000019A61DB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdOR
Source: firefox.exe, 0000000D.00000002.1804860653.0000019A62111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdPO
Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdThe
Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/accountservices.sync.log.logger.browsereEditorEnableWrapHackMaskeNewlinesReplace
Source: firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2066233540.000001895C236000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com?

Source: unknown	Network traffic detected: HTTP traffic on port 64475 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64462
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64461
Source: unknown	Network traffic detected: HTTP traffic on port 64469 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64462 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64465 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64481 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51031
Source: unknown	Network traffic detected: HTTP traffic on port 50919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64457
Source: unknown	Network traffic detected: HTTP traffic on port 64459 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64472 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64478 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64456
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64459
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64471
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64470
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64473
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64472
Source: unknown	Network traffic detected: HTTP traffic on port 64468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64482 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64464
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64466
Source: unknown	Network traffic detected: HTTP traffic on port 64479 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64465
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64468
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64467
Source: unknown	Network traffic detected: HTTP traffic on port 64471 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64469
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64480
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64482
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64481
Source: unknown	Network traffic detected: HTTP traffic on port 64467 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64475
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64470 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64474
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64477
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64476
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64479
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64478
Source: unknown	Network traffic detected: HTTP traffic on port 64474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64457 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 64476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 64466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64480 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 64477 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64473 -> 443

Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64465 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64471 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64472 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64473 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64475 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.4:64474 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64479 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64481 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64480 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64482 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.113.102:443 -> 192.168.2.4:50919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51029 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51030 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51031 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\file.exe

Contains functionality to modify clipboard data

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_0082ED6A

Contains functionality to read the clipboard data

Source: C:\Users\user\Desktop\file.exe

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_0081AA57

Potential key logger detected (key state polling based)

Source: C:\Users\user\Desktop\file.exe

0_2_00849576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_1d5542a4-3
Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_61ff9ed4-3

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_0081D5EB

Contains functionality to launch a process as a different user

Source: C:\Users\user\Desktop\file.exe

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_0081E8F6

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B8060	0_2_007B8060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00822046	0_2_00822046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00818298	0_2_00818298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE4FF	0_2_007EE4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E676B	0_2_007E676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844873	0_2_00844873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BCAF0	0_2_007BCAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DCAA0	0_2_007DCAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CCC39	0_2_007CCC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E6DD9	0_2_007E6DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CB119	0_2_007CB119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B91C0	0_2_007B91C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1394	0_2_007D1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1706	0_2_007D1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D781B	0_2_007D781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C997D	0_2_007C997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B7920	0_2_007B7920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D19B0	0_2_007D19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D7A4A	0_2_007D7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1C77	0_2_007D1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D7CA7	0_2_007D7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E9EEE	0_2_007E9EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083BE44	0_2_0083BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1F32	0_2_007D1F32

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007CF9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007D0A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007B9CB3 appears 31 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@55/38@69/13

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008237B5 GetLastError,FormatMessageW,

0_2_008237B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008110BF AdjustTokenPrivileges,CloseHandle,		0_2_008110BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_008116C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_008251CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0081D4DC

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0082648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_007B42A2

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7628:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3384:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6424:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1136:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3328:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7448:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7512:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7692:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7704:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3848:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2568:120:WilError_03

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Temp\firefox

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000001C.00000003.2071047028.000001895B1EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;

Source: file.exe

ReversingLabs: Detection: 47%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Windows\System32\conhost.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2208 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {308dec56-a9e5-4107-a009-d3ff39bebe95} 5824 "\\.\pipe\gecko-crash-server-pipe.5824" 19a62170d10 socket
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25359 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f1747b7-9f91-4c38-9d2f-6eda4767631b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1893e96e910 socket
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 1524 -prefMapHandle 4668 -prefsLen 32371 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f54f232-a1db-4584-a609-d58d2c4ec88b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1895a838710 utility
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2208 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {308dec56-a9e5-4107-a009-d3ff39bebe95} 5824 "\\.\pipe\gecko-crash-server-pipe.5824" 19a62170d10 socket	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25359 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f1747b7-9f91-4c38-9d2f-6eda4767631b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1893e96e910 socket	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 1524 -prefMapHandle 4668 -prefsLen 32371 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f54f232-a1db-4584-a609-d58d2c4ec88b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1895a838710 utility	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.ini

Contains functionality to dynamically determine API calls

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: "description": "The name of the library's debug file. For example, 'xul.pdb" source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: The results that the provider fetched for the query.Retrieves information about a single contextual identity.Unregister a content script registered programmaticallyReturns the value of the overridden new tab page. Read-only.This setting controls whether the document's fonts are used.The name of the provider whose behavior the listener returns.If true, the text in the urlbar will also be selected.Creates a contextual identity with the given data.Details about the contextual identity being created.After which mouse event context menus should popup.Whether to focus the input field and select its contents.Text and icons for up to two notification action buttons.The set of notifications currently in the system.Title of the notification (e.g. sender name for email).A URL to the image thumbnail for image-type notifications.The name of the file inside the profile/profiler directoryGathers the profile data from the current profiling session.The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

PE file contains sections with non-standard names

Source: gmpopenh264.dll.tmp.28.dr

Static PE information: section name: .rodata

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D0A76 push ecx; ret

0_2_007D0A89

Drops PE files

Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp			Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)			Jump to dropped file

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_007CF98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00841C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00841C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.5 %

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0081DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008268EE FindFirstFileW,FindClose,	0_2_008268EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_0082698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00829642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0082979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00829B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00825C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00825C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

Source: firefox.exe, 0000000D.00000002.1805552874.0000019A63DE4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1805552874.0000019A63DB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803795576.0000020B287A8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803795576.0000020B2877A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804833476.0000020B28C19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000000F.00000002.1803795576.0000020B2877A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWpMz(
Source: firefox.exe, 0000000F.00000002.1803795576.0000020B287A8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1805115662.0000020B29040000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082EAA2 BlockInput,

0_2_0082EAA2

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_007E2622

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D4CE8 mov eax, dword ptr fs:[00000030h]

0_2_007D4CE8

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\file.exe

Contains functionality to execute programs as a different user

Enables debug privileges

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_007E2622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_007D083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D09D5 SetUnhandledExceptionFilter,	0_2_007D09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_007D0C21

Source: C:\Users\user\Desktop\file.exe

Contains functionality to launch a program with higher privileges

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007F2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_007F2BA5

Contains functionality to simulate keystroke presses

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081B226 SendInput,keybd_event,

0_2_0081B226

Contains functionality to simulate mouse events

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008322DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_008322DA

Uses taskkill to terminate processes

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00811663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00811663

Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D0698 cpuid

0_2_007D0698

Source: C:\Users\user\Desktop\file.exe

0_2_00828195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0080D27A GetUserNameW,

0_2_0080D27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007EBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_007EBB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Stealing of Sensitive Information

OS version to string mapping found (often used in BOTs)

Source: Yara match	File source: 00000000.00000003.1866585631.000000000153F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6212, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality