Edit tour

Windows Analysis Report
http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2000.zip

Overview

General Information

Sample URL:	http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2000.zip
Analysis ID:	1553709
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Drops PE files

PE file contains sections with non-standard names

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1920,i,18010206273888222103,1090461909337846844,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2000.zip" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

rundll32.exe (PID: 7516 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

firefox.exe (PID: 7828 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7856 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 8068 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {706ebd77-446d-46d2-a25c-ec1730e8ff24} 7856 "\\.\pipe\gecko-crash-server-pipe.7856" 1d82bf6ef10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 3388 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -parentBuildID 20230927232528 -prefsHandle 4008 -prefMapHandle 4020 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edc1ae44-ed12-4ab9-9cf5-11c23e4b6e77} 7856 "\\.\pipe\gecko-crash-server-pipe.7856" 1d83dd16310 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 4336 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5344 -prefMapHandle 5340 -prefsLen 33172 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3686a61-2d74-48be-9350-008e5e1b0717} 7856 "\\.\pipe\gecko-crash-server-pipe.7856" 1d83c453f10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T16:05:11.844053+0100	2022930	1	A Network Trojan was detected	52.149.20.212	443	192.168.2.16	49706	TCP
2024-11-11T16:05:49.065757+0100	2022930	1	A Network Trojan was detected	52.149.20.212	443	192.168.2.16	49710	TCP

Joe Sandbox Signatures

• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Boot Survival
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51381 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:51385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51400 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51405 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.16:51406 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.16:51407 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51408 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51409 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51411 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51410 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51412 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51417 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51418 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51419 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51430 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51428 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51429 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51431 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51427 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51432 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51433 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51434 version: TLS 1.2

Source:	Binary string: UxTheme.pdb source: firefox.exe, 0000000E.00000003.2076850030.000001D83C7AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2057202855.000001D83C781000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2057202855.000001D83C7A6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: UMPDC.pdb source: firefox.exe, 0000000E.00000003.2029852652.000001D83DD9D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wininet.pdb source: firefox.exe, 0000000E.00000003.2029852652.000001D83DD9D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: firefox.exe, 0000000E.00000003.2029350239.000001D83DE2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2029122983.000001D83DE57000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2096632120.000001D8398CE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 0000000E.00000003.2015984702.000001D83EE61000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: firefox.exe, 0000000E.00000003.2057202855.000001D83C781000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2096632120.000001D8398CE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2094975859.000001D8398C0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ktmw32.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WscApi.pdb source: firefox.exe, 0000000E.00000003.2040644504.000001D83DCC2000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2092973862.000001D8398C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: firefox.exe, 0000000E.00000003.2057202855.000001D83C781000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 0000000E.00000003.2015984702.000001D83EE61000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 0000000E.00000003.2015984702.000001D83EE61000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xul.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: firefox.exe, 0000000E.00000003.2076850030.000001D83C7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2057202855.000001D83C7A6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb source: firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dcomp.pdb source: firefox.exe, 0000000E.00000003.2066611946.000001D83D96E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: cryptsp.pdb source: firefox.exe, 0000000E.00000003.2029350239.000001D83DE2C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb@ source: firefox.exe, 0000000E.00000003.2057202855.000001D83C781000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: firefox.exe, 0000000E.00000003.2076850030.000001D83C7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2057202855.000001D83C7A6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdb source: firefox.exe, 0000000E.00000003.2029852652.000001D83DD9D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb source: firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntmarta.pdb source: firefox.exe, 0000000E.00000003.2076850030.000001D83C7AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2057202855.000001D83C7A6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb source: firefox.exe, 0000000E.00000003.2040644504.000001D83DCC2000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2092973862.000001D8398C0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdb source: firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: firefox.exe, 0000000E.00000003.2076850030.000001D83C7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2057202855.000001D83C7A6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdb source: firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2087444576.000001D84B701000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdb source: firefox.exe, 0000000E.00000003.2029705946.000001D83DDF5000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntasn1.pdb source: firefox.exe, 0000000E.00000003.2029852652.000001D83DD9D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: edputil.pdb`* source: firefox.exe, 0000000E.00000003.2029705946.000001D83DDF5000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: devobj.pdb source: firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: firefox.exe, 0000000E.00000003.2057202855.000001D83C781000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2087444576.000001D84B701000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d3d11.pdb source: firefox.exe, 0000000E.00000003.2040644504.000001D83DCC2000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdb source: firefox.exe, 0000000E.00000003.2029852652.000001D83DD9D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: firefox.exe, 0000000E.00000003.2057202855.000001D83C781000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdb source: firefox.exe, 0000000E.00000003.2029852652.000001D83DD9D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: firefox.exe, 0000000E.00000003.2057202855.000001D83C781000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: firefox.exe, 0000000E.00000003.2056602735.000001D83C7F7000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: avrt.pdb source: firefox.exe, 0000000E.00000003.2029852652.000001D83DD9D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: firefox.exe, 0000000E.00000003.2076850030.000001D83C7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2057202855.000001D83C7A6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: firefox.exe, 0000000E.00000003.2057202855.000001D83C781000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nsi.pdb source: firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: propsys.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr
Source:	Binary string: winmm.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: winrnr.pdb source: firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: cryptsp.pdb@ source: firefox.exe, 0000000E.00000003.2029350239.000001D83DE2C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: firefox.exe, 0000000E.00000003.2043982535.000001D83CCDD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ole32.pdb source: firefox.exe, 0000000E.00000003.2076850030.000001D83C7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2057202855.000001D83C7A6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: version.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: firefox.exe, 0000000E.00000003.2057202855.000001D83C781000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: twinapi.pdb source: firefox.exe, 0000000E.00000003.2045530064.000001D83CC52000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msasn1.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr
Source:	Binary string: psapi.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: DWrite.pdb source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: firefox.exe, 0000000E.00000003.2057202855.000001D83C781000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dxgi.pdb source: firefox.exe, 0000000E.00000003.2042480327.000001D83D876000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2066611946.000001D83D954000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2094975859.000001D8398C0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ncrypt.pdb source: firefox.exe, 0000000E.00000003.2029852652.000001D83DD9D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: firefox.exe, 0000000E.00000003.2056602735.000001D83C7F7000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wsock32.pdbcmd_copy source: firefox.exe, 0000000E.00000003.2045679556.000001D83CC3B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wsock32.pdb source: firefox.exe, 0000000E.00000003.2056602735.000001D83C7F7000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdbP\B< source: firefox.exe, 0000000E.00000003.2076850030.000001D83C7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2057202855.000001D83C7A6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: edputil.pdb source: firefox.exe, 0000000E.00000003.2029705946.000001D83DDF5000.00000004.00000800.00020000.00000000.sdmp

Source: firefox.exe

Memory has grown: Private usage: 0MB later: 275MB

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.16:49706
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.16:49710

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8uAPUeCxOZk6NxY&MD=3pcpwnuR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8uAPUeCxOZk6NxY&MD=3pcpwnuR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 0000000E.00000003.1909007844.000001D8464BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1936878589.000001D83D4F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1903469937.000001D84AE86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1821335482.000001D84697F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1928506330.000001D846AAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1821335482.000001D84697F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1841843700.000001D844569000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2057202855.000001D83C769000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1812702402.000001D83C668000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1936878589.000001D83D4F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2043875314.000001D83D4F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1903469937.000001D84AE86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1821335482.000001D84697F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1928506330.000001D846AAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1821335482.000001D84697F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1841843700.000001D844569000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1842433705.000001D83E469000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2039186858.000001D83E469000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1842433705.000001D83E469000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2039186858.000001D83E469000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1842433705.000001D83E469000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2039186858.000001D83E469000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000013.00000002.2381646462.00000235E190C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.facebook.com (Facebook)
Source: firefox.exe, 00000013.00000002.2381646462.00000235E190C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.twitter.com (Twitter)
Source: firefox.exe, 00000013.00000002.2381646462.00000235E190C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1909007844.000001D8464BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://06836808-3da5-4b66-93b7-b66b1a840a96/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1990202391.000001D848564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1810178838.000001D848564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1929043438.000001D8465ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2148111293.000001D83DEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2077172329.000001D838FB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1936878589.000001D83D4F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1928183429.000001D846AD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2038104741.000001D83F5F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1812702402.000001D83C6DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1812702402.000001D83C683000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net

Source: firefox.exe, 0000000E.00000003.1809789919.000001D84A935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 0000000E.00000003.2043982535.000001D83CCC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://acroipm2.adobe
Source: firefox.exe, 0000000E.00000003.2051345498.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2055122062.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2063057492.000001D8398B6000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 0000000E.00000003.2055122062.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2063057492.000001D8398B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 0000000E.00000003.2051345498.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 0000000E.00000003.2197124374.000001D8465B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 0000000E.00000003.2010005523.000001D845E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 0000000E.00000003.2236479150.000001D846250000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 0000000E.00000003.2055122062.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2063057492.000001D8398B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 0000000E.00000003.2051345498.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2055122062.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2063057492.000001D8398B6000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 0000000E.00000003.2051345498.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 0000000E.00000003.2051345498.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2055122062.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2063057492.000001D8398B6000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 0000000E.00000003.2077332137.000001D83C559000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2215736800.000001D84AE28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2040817148.000001D83DC9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1841843700.000001D844570000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274824360.000001D844572000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2037377788.000001D844572000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1935714201.000001D83DEAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1815252809.000001D84456F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2060289508.000001D83C5A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1824287780.000001D84456F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2027806797.000001D83DEB1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000000E.00000003.1841843700.000001D844569000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 0000000E.00000003.2002365878.000001D84A991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000000E.00000003.1990202391.000001D8485BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1816011427.000001D844564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000000E.00000003.1990202391.000001D8485BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000000E.00000003.2244206402.000001D84B080000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListenerUseOfReleaseEventsWarningUse
Source: firefox.exe, 0000000E.00000003.2244206402.000001D84B080000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 0000000E.00000003.2009544830.000001D845E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 0000000E.00000003.2009544830.000001D845E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 0000000E.00000003.2009544830.000001D845E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 0000000E.00000003.1912432156.000001D8468CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1891654814.000001D8468CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2009544830.000001D845E9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1826920708.000001D8468CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1870822671.000001D8468CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1829718751.000001D8468CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 0000000E.00000003.1964048319.0000025D84F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274824360.000001D844562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2010998535.000001D844562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1966102705.00001F39BB903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1970307006.00003263F1D03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2065969564.000001D844562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 0000000E.00000003.1964048319.0000025D84F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1966102705.00001F39BB903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1970307006.00003263F1D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/0
Source: firefox.exe, 0000000E.00000003.2016776238.000001D83E4FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1831476552.000001D84AED3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1850334117.000001D83D5E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1835202911.000001D84647E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1835202911.000001D84649C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1887934748.000001D83D680000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2033025556.000001D84AE25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1845189657.000001D83CBC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108287817.000001D83EE6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1898176048.000001D84643B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1930230580.000001D83EEBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1858656723.000001D846440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2177718253.000001D83BDC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1833419104.000001D83CACC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1853067005.000001D83CB94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1820788326.000001D848548000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2215736800.000001D84AE28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2150657749.000001D83DDA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1831476552.000001D84AEAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1931833781.000001D83EE87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2029852652.000001D83DD9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 0000000E.00000003.1964048319.0000025D84F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1966102705.00001F39BB903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1970307006.00003263F1D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/Z
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 0000000E.00000003.2051345498.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 0000000E.00000003.2051345498.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2055122062.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2063057492.000001D8398B6000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 0000000E.00000003.2236479150.000001D846250000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 0000000E.00000003.2010005523.000001D845E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 0000000E.00000003.1930230580.000001D83EEEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1928506330.000001D846A90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0.
Source: firefox.exe, 0000000E.00000003.1812702402.000001D83C617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 0000000E.00000003.1930230580.000001D83EEEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1812702402.000001D83C617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1928506330.000001D846A90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 0000000E.00000003.2010005523.000001D845E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 0000000E.00000003.2010005523.000001D845E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 0000000E.00000003.1983970115.000001D8398A6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1995349920.000001D8398A2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2073777439.000001D8398AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2051345498.000001D8398A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2063057492.000001D8398A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.cov
Source: firefox.exe, 0000000E.00000003.2236479150.000001D846250000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B0A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 0000000E.00000003.1930230580.000001D83EEEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2040817148.000001D83DC44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1935714201.000001D83DE61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000010.00000002.2397551562.0000029F372FC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1782986788.0000029F372FC000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.14.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1930230580.000001D83EEEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1928506330.000001D846A90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 0000000E.00000003.1817099473.000001D83C2CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1930230580.000001D83EEEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1928506330.000001D846A90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000000E.00000003.1820756124.000001D84855E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 0000000E.00000003.1758393748.000001D83B905000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1758053957.000001D839500000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 0000000E.00000003.1930230580.000001D83EED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 0000000E.00000003.2078937643.000001D83C50B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 0000000E.00000003.2059795118.000001D83C5CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197781569.000001D83EE61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2015984702.000001D83EE61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292910315.000001D83EE61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108287817.000001D83EE61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000000E.00000003.1810922940.000001D8469DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000000E.00000003.1817110760.000001D84679A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/en-US/firefox/collections/4757633/25c2b44583534b3fa8fea977c419cd/?page=1&
Source: firefox.exe, 0000000E.00000003.1928183429.000001D846AD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 0000000E.00000003.1928183429.000001D846AD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 0000000E.00000003.1928183429.000001D846AD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 0000000E.00000003.1928183429.000001D846AD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 0000000E.00000003.1928183429.000001D846AD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4040738/cookie_autodelete-3.8.2.xpi
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4128570/languagetool-7.1.13.xpi
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-2023.6.23.xpi
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4134489/enhancer_for_youtube-2.0.119.1.xpi
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4141092/facebook_container-2.3.11.xpi
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/506/506646-64.png?modified=mcrushed
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79f
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/708/708770-64.png?modified=4f881970
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/954/954390-64.png?modified=97d4c956
Source: firefox.exe, 0000000E.00000003.2023218597.000001D83E3D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296863583.000001D83E3D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 0000000E.00000003.2059795118.000001D83C5CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1812702402.000001D83C6DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1812702402.000001D83C683000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000000E.00000003.1809789919.000001D84A935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806915449.000001D8442FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000000E.00000003.2295848701.000001D83E435000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000000E.00000003.2077332137.000001D83C559000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2038104741.000001D83F559000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2033344382.000001D846C34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 0000000F.00000002.2381642991.0000020B9D9E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2381114017.0000029F366E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2392715615.00000235E1C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600
Source: firefox.exe, 0000000F.00000002.2381642991.0000020B9D9E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2381114017.0000029F366E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2392715615.00000235E1C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600000.1&cta
Source: firefox.exe, 0000000E.00000003.1925314413.000001D84B2CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2042480327.000001D83D8D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1909689660.000001D846051000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1908731622.000001D8464F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1908731622.000001D8464EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1920321029.000001D83CD13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678942
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=806991
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1908731622.000001D8464F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=815437
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: firefox.exe, 0000000E.00000003.1921789165.000001D84BC2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=951422
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000000E.00000003.1816011427.000001D844564000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000E.00000003.1824287780.000001D8445AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 0000000E.00000003.2002960609.000001D846CF9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 0000000E.00000003.1816675799.000001D844533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 0000000F.00000002.2381642991.0000020B9D9E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2381114017.0000029F366E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2392715615.00000235E1C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: firefox.exe, 0000000F.00000002.2381642991.0000020B9D9E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2381114017.0000029F366E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2392715615.00000235E1C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000E.00000003.2005044993.000001D846A3E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2019889414.000001D846A59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2005044993.000001D846A3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarningElem
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 0000000E.00000003.2033344382.000001D846C6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 0000000E.00000003.1858656723.000001D84640A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 0000000E.00000003.1758393748.000001D83B905000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1758053957.000001D839500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1841707956.000001D8445C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2010998535.000001D8445BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1877585222.000001D83CA81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000000E.00000003.1927119368.000001D84A986000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: firefox.exe, 0000000E.00000003.2009838993.000001D845E87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000E.00000003.2010005523.000001D845E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 0000000E.00000003.2010005523.000001D845E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 0000000E.00000003.2009838993.000001D845E87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
Source: firefox.exe, 0000000E.00000003.2025645915.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1823475158.000001D8462DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299986798.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1804415095.000001D83DFCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1814355083.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1824589543.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1933954083.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2381114017.0000029F36612000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2381646462.00000235E1913000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1819089888.000001D83C3D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1813938929.000001D8468DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 0000000E.00000003.1819898751.000001D84A9A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1817576408.000001D8468C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1819089888.000001D83C3D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000000E.00000003.1817110760.000001D84679A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/74f06853-c80d-4afc-9b2
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1813938929.000001D8468DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/d8e772fe-4909-4f05-9f9
Source: firefox.exe, 0000000E.00000003.2144437730.000001D83CBE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000000E.00000003.2077332137.000001D83C559000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2077332137.000001D83C551000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2078937643.000001D83C545000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 0000000E.00000003.2282905307.000001D83F5CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 0000000E.00000003.2077332137.000001D83C559000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2023636383.000001D83E3C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000000E.00000003.2025645915.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1823475158.000001D8462DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299986798.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1804415095.000001D83DFCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1814355083.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1824589543.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1933954083.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2381114017.0000029F36612000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2381646462.00000235E1913000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000013.00000002.2381646462.00000235E19C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000013.00000002.2381646462.00000235E19C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000013.00000002.2381646462.00000235E1930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000013.00000002.2381646462.00000235E19C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 0000000E.00000003.1810922940.000001D8469DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000013.00000002.2381646462.00000235E19C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000000E.00000003.1927119368.000001D84A986000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 0000000E.00000003.1835202911.000001D84649C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 0000000E.00000003.1835202911.000001D84649C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 0000000E.00000003.1758393748.000001D83B905000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1758053957.000001D839500000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000000E.00000003.2077332137.000001D83C559000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000000E.00000003.1850334117.000001D83D5E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000000E.00000003.1925314413.000001D84B2BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 0000000E.00000003.2025229004.000001D83E32E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 0000000E.00000003.1925314413.000001D84B2BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 0000000E.00000003.1925314413.000001D84B2BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 0000000E.00000003.1925314413.000001D84B2BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 0000000E.00000003.1925314413.000001D84B2BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: prefs-1.js.14.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CLXfQbX4pbW4QbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000000E.00000003.1946122526.000001D84C4D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1914454678.000001D84C4D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000013.00000002.2381646462.00000235E19F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000000E.00000003.2301208254.000001D83DF90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/activity-stream/sessions/1/d8754ab6-a15c-418d-b085-873
Source: firefox.exe, 0000000E.00000003.2059673246.000001D83C5DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/137e2adc-b829-495a-90fb-85c7f
Source: firefox.exe, 0000000E.00000003.2299632044.000001D83E329000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/8351b15a-8c18-4057-
Source: firefox.exe, 0000000E.00000003.2077332137.000001D83C559000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/cc17ce6f-06b5-463f-
Source: firefox.exe, 0000000E.00000003.2057202855.000001D83C7D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/295287f5-93b7-4750
Source: firefox.exe, 0000000E.00000003.2025425020.000001D83E31B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2057202855.000001D83C7D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199044749.000001D83E31E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/6e468da8-590c-4525
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000000E.00000003.1803459634.000001D844574000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 0000000E.00000003.2009544830.000001D845E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 0000000E.00000003.2009544830.000001D845E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 0000000E.00000003.2009544830.000001D845E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 0000000E.00000003.2009544830.000001D845E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000000E.00000003.2045192174.000001D83CC64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 0000000E.00000003.1930230580.000001D83EED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294044974.000001D83E4E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000000E.00000003.2009838993.000001D845E87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000000E.00000003.2009838993.000001D845E87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000000E.00000003.2010005523.000001D845E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 0000000E.00000003.2009838993.000001D845E87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000000E.00000003.2010005523.000001D845E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000000E.00000003.1850334117.000001D83D5EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/
Source: firefox.exe, 0000000E.00000003.1850334117.000001D83D5EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: firefox.exe, 0000000E.00000003.1850334117.000001D83D5EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-escapes#single
Source: firefox.exe, 00000013.00000002.2381646462.00000235E198F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000E.00000003.1999670031.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 0000000E.00000003.1850334117.000001D83D5EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mths.be/jsesc
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ok.ru/
Source: firefox.exe, 0000000E.00000003.2009838993.000001D845E87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000000E.00000003.2009838993.000001D845E87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000E.00000003.2010005523.000001D845E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000000E.00000003.2048129045.000001D84620B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2065916128.000001D846222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2057202855.000001D83C71B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000E.00000003.1758053957.000001D839500000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000E.00000003.1858656723.000001D84640A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000E.00000003.1821335482.000001D84697F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.1840731000.000001D84AE0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.2057202855.000001D83C71B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 0000000E.00000003.2057202855.000001D83C71B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000000E.00000003.1805134596.000001D84857F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1823475158.000001D846294000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2007852503.000001D84629F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 0000000E.00000003.2002799463.000001D84852E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1933954083.000001D83DFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2381114017.0000029F36612000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2381646462.00000235E1913000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000E.00000003.2002799463.000001D84852E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000013.00000002.2381646462.00000235E19F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000000E.00000003.2059795118.000001D83C5CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1812702402.000001D83C6DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000000E.00000003.2059795118.000001D83C5CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1812702402.000001D83C6DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1812702402.000001D83C683000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000000E.00000003.1815252809.000001D8445F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000E.00000003.1819089888.000001D83C3CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 0000000E.00000003.2144437730.000001D83CBE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000000E.00000003.2027806797.000001D83DECE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1935714201.000001D83DEAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295848701.000001D83E419000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 0000000E.00000003.2025425020.000001D83E31B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299632044.000001D83E324000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 0000000E.00000003.2028787587.000001D83DE71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 0000000E.00000003.1809789919.000001D84A92B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFoundT
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeededTo
Source: firefox.exe, 0000000E.00000003.2022337519.000001D844133000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 0000000E.00000003.2202947276.000001D84B25E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefox
Source: firefox.exe, 0000000E.00000003.1799323008.000001D84665D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.oGUCFCdKfd-E
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000000E.00000003.1821335482.000001D84697F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000000E.00000003.2077332137.000001D83C551000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000000E.00000003.1823475158.000001D8462DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806915449.000001D8442FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2002960609.000001D846C86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2002960609.000001D846C86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 0000000E.00000003.1809789919.000001D84A935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 0000000E.00000003.1821335482.000001D84697F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2002960609.000001D846C86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 0000000F.00000002.2381642991.0000020B9D9E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2381114017.0000029F366E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2392715615.00000235E1C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_39e4b8f6fd6635158ad433436bdaa069841cfdf8e1989e03
Source: firefox.exe, 0000000E.00000003.1816773610.000001D83C7FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1877585222.000001D83CA81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000000E.00000003.1927119368.000001D84A99F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1930230580.000001D83EEB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
Source: firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2002960609.000001D846C86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2002960609.000001D846C86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1809789919.000001D84A935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1809789919.000001D84A935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 0000000E.00000003.2051345498.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262586843.000001D84A200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2055122062.000001D8398B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2054380703.000001D8398A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1999670031.000001D83989E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2063057492.000001D8398B6000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2002960609.000001D846C86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 0000000E.00000003.1820213671.000001D848564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 0000000E.00000003.1803331913.000001D84657A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 0000000E.00000003.1824287780.000001D8445AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000000E.00000003.1824287780.000001D844597000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 0000000E.00000003.1824287780.000001D8445AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000E.00000003.1924621504.000001D84C4E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1809789919.000001D84A935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1809789919.000001D84A935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000000E.00000003.1809789919.000001D84A935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 0000000E.00000003.1821335482.000001D84697F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1820213671.000001D8485B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1815252809.000001D8445F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1811515061.000001D846660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000E.00000003.1814355083.000001D83DFA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1816725985.000001D84452F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2204811281.000001D83E45A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000E.00000003.1968260288.00002CDC2F803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/Z
Source: firefox.exe, 0000000E.00000003.2202947276.000001D84B25E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: firefox.exe, 0000000E.00000003.1809789919.000001D84A92B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.c0yfKF26qNRb
Source: firefox.exe, 0000000E.00000003.1819898751.000001D84A9A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1817576408.000001D8468C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1819089888.000001D83C3D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 0000000E.00000003.1928183429.000001D846AD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 0000000E.00000003.2202947276.000001D84B25E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: firefox.exe, 0000000E.00000003.1809789919.000001D84A92B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.w0HgyL2ZPBj2
Source: firefox.exe, 0000000E.00000003.2025425020.000001D83E31B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299632044.000001D83E324000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000E.00000003.1925314413.000001D84B2E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1955401058.000001D84B2F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2061829571.000001D84B2F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1988385364.000001D84B2F9000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.14.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 0000000E.00000003.1809789919.000001D84A92B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: firefox.exe, 0000000E.00000003.2025425020.000001D83E31B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299632044.000001D83E324000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 0000000E.00000003.1809789919.000001D84A92B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000E.00000003.1813938929.000001D8468CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1817110760.000001D84679A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000000F.00000002.2381642991.0000020B9D9C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2381114017.0000029F366CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2381646462.00000235E19F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000013.00000002.2378396710.00000235E1720000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000E.00000003.2005189842.000001D846A20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 0000000E.00000003.1809789919.000001D84A92B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000013.00000002.2381646462.00000235E19F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/m
Source: firefox.exe, 0000000E.00000003.1930230580.000001D83EED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1809789919.000001D84A935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2002960609.000001D846C86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000000E.00000003.1821335482.000001D84697F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1809789919.000001D84A935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1805134596.000001D848560000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806915449.000001D8442FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2002960609.000001D846C86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000000E.00000003.2077332137.000001D83C551000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sling.com/
Source: firefox.exe, 0000000F.00000002.2381642991.0000020B9D9E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2381114017.0000029F366E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2392715615.00000235E1C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2002960609.000001D846C86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000013.00000002.2381646462.00000235E190C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000000E.00000003.2040817148.000001D83DC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806965897.000001D8442E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 0000000E.00000003.2225568324.000001D84B080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warningWindow_Cc_ontrollersWarningwindow.controllers/Controllers

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51427
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51428
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51429
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51420
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51421
Source: unknown	Network traffic detected: HTTP traffic on port 51413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51390
Source: unknown	Network traffic detected: HTTP traffic on port 51391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51391
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51392
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51397
Source: unknown	Network traffic detected: HTTP traffic on port 51399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51430
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51431
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51396
Source: unknown	Network traffic detected: HTTP traffic on port 51418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51431 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51434
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51432
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51433
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 51424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51433 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51427 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 51387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 51402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 51381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51429 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51405
Source: unknown	Network traffic detected: HTTP traffic on port 51415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51406
Source: unknown	Network traffic detected: HTTP traffic on port 51383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51403
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51409
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51408
Source: unknown	Network traffic detected: HTTP traffic on port 51434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51400
Source: unknown	Network traffic detected: HTTP traffic on port 51428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51417
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51414
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51418
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51419
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51412
Source: unknown	Network traffic detected: HTTP traffic on port 51397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51413
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51410
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51411
Source: unknown	Network traffic detected: HTTP traffic on port 51412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51382
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51383
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51381
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51406 -> 443

Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51381 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:51385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51400 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51405 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.16:51406 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.16:51407 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51408 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51409 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51411 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51410 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:51412 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51417 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:51418 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51419 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51430 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51428 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51429 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51431 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51427 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51432 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51433 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:51434 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@38/42@84/15

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Temp\firefox

Jump to behavior

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: firefox.exe, 0000000E.00000003.1921544608.000001D84BC3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2010998535.000001D844565000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2065969564.000001D844565000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000000E.00000003.1921544608.000001D84BC3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 0000000E.00000003.1921544608.000001D84BC3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 0000000E.00000003.2043982535.000001D83CC8A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT ALL id FROM nssPublic WHERE a1=$DATA0 AND a0=$DATA1 AND a81=$DATA2 AND a82=$DATA3;
Source: firefox.exe, 0000000E.00000003.1921544608.000001D84BC3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 0000000E.00000003.1921544608.000001D84BC3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 0000000E.00000003.1921544608.000001D84BC3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 0000000E.00000003.1921544608.000001D84BC3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 0000000E.00000003.1921544608.000001D84BC3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 0000000E.00000003.1921544608.000001D84BC3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1920,i,18010206273888222103,1090461909337846844,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2000.zip"
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {706ebd77-446d-46d2-a25c-ec1730e8ff24} 7856 "\\.\pipe\gecko-crash-server-pipe.7856" 1d82bf6ef10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -parentBuildID 20230927232528 -prefsHandle 4008 -prefMapHandle 4020 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edc1ae44-ed12-4ab9-9cf5-11c23e4b6e77} 7856 "\\.\pipe\gecko-crash-server-pipe.7856" 1d83dd16310 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5344 -prefMapHandle 5340 -prefsLen 33172 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3686a61-2d74-48be-9350-008e5e1b0717} 7856 "\\.\pipe\gecko-crash-server-pipe.7856" 1d83c453f10 utility
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1920,i,18010206273888222103,1090461909337846844,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {706ebd77-446d-46d2-a25c-ec1730e8ff24} 7856 "\\.\pipe\gecko-crash-server-pipe.7856" 1d82bf6ef10 socket	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -parentBuildID 20230927232528 -prefsHandle 4008 -prefMapHandle 4020 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edc1ae44-ed12-4ab9-9cf5-11c23e4b6e77} 7856 "\\.\pipe\gecko-crash-server-pipe.7856" 1d83dd16310 rdd	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5344 -prefMapHandle 5340 -prefsLen 33172 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3686a61-2d74-48be-9350-008e5e1b0717} 7856 "\\.\pipe\gecko-crash-server-pipe.7856" 1d83c453f10 utility	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)			Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp			Jump to dropped file

Source: firefox.exe, 00000010.00000002.2392855517.0000029F36C30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllx
Source: firefox.exe, 00000013.00000002.2371235523.00000235E15DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW;
Source: firefox.exe, 0000000F.00000002.2393797104.0000020B9DB00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllh4
Source: firefox.exe, 00000010.00000002.2370836429.0000029F3630A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0c
Source: firefox.exe, 0000000F.00000002.2371308443.0000020B9D59A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2393797104.0000020B9DB00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2392855517.0000029F36C30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2392082747.00000235E1A10000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000F.00000002.2391681420.0000020B9DA20000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000000F.00000002.2393797104.0000020B9DB00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<7
Source: firefox.exe, 0000000F.00000002.2393797104.0000020B9DB00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2392855517.0000029F36C30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Rundll32	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Process Injection	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp	0%	ReversingLabs

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	high
star-mini.c10r.facebook.com	157.240.251.35	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
twitter.com	104.244.42.65	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
google.com	142.250.181.238	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
services.addons.mozilla.org	151.101.65.91	true	false	high
dyna.wikimedia.org	185.15.59.224	true	false	high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	high
contile.services.mozilla.com	34.117.188.166	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
youtube-ui.l.google.com	172.217.16.142	true	false	high
reddit.map.fastly.net	151.101.65.140	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	high
ipv4only.arpa	192.0.0.170	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	high
push.services.mozilla.com	34.107.243.93	true	false	high
www.google.com	216.58.206.68	true	false	high
normandy-cdn.services.mozilla.com	35.201.103.21	true	false	high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
www.reddit.com	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
normandy.cdn.mozilla.net	unknown	unknown	false	high
shavar.services.mozilla.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.65.91	services.addons.mozilla.org	United States	54113	FASTLYUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
35.201.103.21	normandy-cdn.services.mozilla.com	United States	15169	GOOGLEUS	false
34.120.208.123	telemetry-incoming.r53-2.services.mozilla.com	United States	15169	GOOGLEUS	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
34.107.243.93	push.services.mozilla.com	United States	15169	GOOGLEUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
172.217.18.100	unknown	United States	15169	GOOGLEUS	false

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1553709
Start date and time:	2024-11-11 16:04:32 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2000.zip
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@38/42@84/15

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7598
Entropy (8bit):	5.170651866656446
Encrypted:	false
SSDEEP:	192:8LMXaEPcbhbVbTbfbRbObtbyEl7nMJA6UnSrDtTEd/S9x:8wXcNhnzFSJ/LnSrDhEd/a
MD5:	D05998C1E8C86F97619E7033CD8A93D7
SHA1:	E2E44E150FF60ABE6EEDEFDED0DF86744C2FBA9A
SHA-256:	675E7EEED97C116CBFD78BA3D3FD49CE307D19493C2EAE8501D4C004E728EA56
SHA-512:	8D45EFDC28ED2712DFF60A48E14B20A7133E140801B09C1F418F7F176D82AF6EB9F29C358BC70BABBBF7E51A385FBAD23717F05AF269F922A80FE5B500F15F31
Malicious:	false
Reputation:	low
Preview:	{"type":"uninstall","id":"46678f47-ef6d-479e-a5f6-9a619afec47b","creationDate":"2024-11-11T16:38:29.929Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 14:05:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9828842024757125
Encrypted:	false
SSDEEP:	48:8kdETo4tHhidAKZdA1FehwiZUklqehgy+3:8v/B3y
MD5:	A65E20724A74CEAE5D113DDDA9B6B152
SHA1:	A7C6D0B6C16032FB5CDBFFA90360C2B0B33C0370
SHA-256:	5D0EE7FA9AD864A586F765D2F6838B7529FE5E9F1653ED8823F7000575CAEAE6
SHA-512:	4BC83B571D8F20ADAC3628F02163AC9409055AE5960C79A9FFF3350209ADD8DFFE1F01F9A2950B24C86AEEACB61DCDB45660360E21027A5A07D26D630D94DBE2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........K4..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IkY.x....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VkY.x....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VkY.x....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VkY.x..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VkY.x...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 11, 2024 16:04:58.239666939 CET	53	52283	1.1.1.1	192.168.2.16
Nov 11, 2024 16:04:58.248683929 CET	53	50472	1.1.1.1	192.168.2.16
Nov 11, 2024 16:04:59.514802933 CET	53	58873	1.1.1.1	192.168.2.16
Nov 11, 2024 16:05:03.069186926 CET	59112	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:05:03.069308043 CET	57987	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:05:03.076000929 CET	53	59112	1.1.1.1	192.168.2.16
Nov 11, 2024 16:05:03.076073885 CET	53	57987	1.1.1.1	192.168.2.16
Nov 11, 2024 16:05:14.277528048 CET	51680	53	192.168.2.16	8.8.8.8
Nov 11, 2024 16:05:14.277823925 CET	57462	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:05:14.284823895 CET	53	57462	1.1.1.1	192.168.2.16
Nov 11, 2024 16:05:14.285048008 CET	53	51680	8.8.8.8	192.168.2.16
Nov 11, 2024 16:05:16.247461081 CET	53	51140	1.1.1.1	192.168.2.16
Nov 11, 2024 16:05:35.228100061 CET	53	49824	1.1.1.1	192.168.2.16
Nov 11, 2024 16:05:57.996130943 CET	53	60840	1.1.1.1	192.168.2.16
Nov 11, 2024 16:05:58.212699890 CET	53	58354	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:00.391699076 CET	62930	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:00.391973019 CET	62819	53	192.168.2.16	8.8.8.8
Nov 11, 2024 16:06:00.398926973 CET	53	62819	8.8.8.8	192.168.2.16
Nov 11, 2024 16:06:00.399449110 CET	53	62930	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:03.329905033 CET	61720	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:03.337852955 CET	53	61720	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:03.338485956 CET	53670	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:03.346012115 CET	53	53670	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:04.906402111 CET	64934	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:04.914788008 CET	64875	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:04.921930075 CET	53	64875	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:04.922738075 CET	63190	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:04.931592941 CET	53	63190	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.199336052 CET	55045	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.200161934 CET	65126	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.206463099 CET	53	55045	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.207386971 CET	53	65126	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.209393024 CET	54414	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.212955952 CET	61554	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.216224909 CET	53	54414	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.221590996 CET	53	61554	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.222300053 CET	63198	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.229116917 CET	53	63198	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.426842928 CET	63080	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.426883936 CET	60433	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.426883936 CET	53654	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.433909893 CET	53	63080	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.434221983 CET	53	60433	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.434236050 CET	53	53654	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.434705973 CET	49905	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.435334921 CET	62501	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.435442924 CET	53914	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.436429024 CET	50774	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.441602945 CET	53	49905	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.442032099 CET	53	62501	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.442148924 CET	53	53914	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.442603111 CET	56734	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.442656040 CET	61497	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.443074942 CET	53529	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.443209887 CET	53	50774	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.449285984 CET	53	61497	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.449515104 CET	53	56734	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.449924946 CET	64786	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.450093985 CET	57290	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.450174093 CET	53	53529	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.456623077 CET	53	64786	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.457638025 CET	53	57290	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.459367037 CET	57264	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.459477901 CET	49373	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.461926937 CET	64319	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.466415882 CET	53	57264	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.466463089 CET	53	49373	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.467022896 CET	49290	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.468014002 CET	62028	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.474307060 CET	53	49290	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.474586010 CET	53	62028	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.485232115 CET	52953	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.491950989 CET	53	52953	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:06.493706942 CET	49372	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:06.500624895 CET	53	49372	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:07.269428968 CET	55974	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:07.276874065 CET	53	55974	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:07.278356075 CET	62906	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:07.285296917 CET	53	62906	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:07.753518105 CET	60842	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:07.760448933 CET	53	60842	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:08.174861908 CET	64526	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:08.181926966 CET	53	64526	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:08.182569981 CET	65155	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:08.189578056 CET	53	65155	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:09.544866085 CET	138	138	192.168.2.16	192.168.2.255
Nov 11, 2024 16:06:09.814438105 CET	64163	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:09.825162888 CET	53	64163	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:09.832453012 CET	57577	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:09.840291977 CET	53	57577	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:09.840888023 CET	49988	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:09.847714901 CET	53	49988	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:10.812540054 CET	60648	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:11.192445993 CET	53	63532	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:17.624517918 CET	49410	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:17.631402016 CET	53	49410	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:17.632406950 CET	59173	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:17.639499903 CET	53	59173	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:17.639993906 CET	61236	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:17.649719954 CET	53	61236	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:20.488234043 CET	54173	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:20.495491028 CET	53	54173	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:20.498311996 CET	61272	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:20.506103039 CET	53	61272	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:20.506608009 CET	53838	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:20.514262915 CET	53	53838	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:25.048419952 CET	64905	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:25.055341959 CET	53	64905	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:26.365251064 CET	53	57711	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:26.592098951 CET	54399	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:26.599066019 CET	53	54399	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:26.662587881 CET	61932	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:26.669878006 CET	53	61932	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:32.856215954 CET	64311	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:32.863642931 CET	53	64311	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:32.864278078 CET	52602	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:32.871392965 CET	53	52602	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:33.775707960 CET	55511	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:33.783421040 CET	53	55511	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:33.787374020 CET	63051	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:33.795011044 CET	53	63051	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:33.798058033 CET	53851	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:33.805398941 CET	53	53851	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:38.949793100 CET	61206	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:38.957075119 CET	53	61206	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:40.372986078 CET	57501	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:40.377619028 CET	55240	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:40.385910034 CET	64612	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:40.385976076 CET	53	55240	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:40.386800051 CET	52127	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:40.394236088 CET	53	64612	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:40.394532919 CET	53	52127	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:40.394887924 CET	54831	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:40.395260096 CET	59782	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:40.402203083 CET	53	54831	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:40.403009892 CET	53	59782	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:42.798906088 CET	55017	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:42.805788994 CET	53	55017	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:47.350327969 CET	54828	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:47.350613117 CET	56827	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:47.351129055 CET	52314	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:47.357812881 CET	53	56827	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:47.358026028 CET	53	54828	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:47.358036041 CET	53	52314	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:47.358433962 CET	51383	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:47.358592033 CET	49665	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:47.365293026 CET	53	49665	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:47.365705013 CET	53	51383	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:47.365745068 CET	61382	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:47.366071939 CET	52191	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:47.373223066 CET	53	52191	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:47.373270035 CET	53	61382	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:47.931665897 CET	63614	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:47.938678980 CET	53	63614	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:57.394438982 CET	63641	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:58.176291943 CET	56182	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:58.176291943 CET	55237	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:58.183027029 CET	53	56182	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:58.183706999 CET	53	55237	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:58.183942080 CET	58272	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:58.184581995 CET	50256	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:58.185798883 CET	59509	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:58.191351891 CET	53	50256	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:58.192420959 CET	55080	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:58.193227053 CET	53	59509	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:58.196856022 CET	62165	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:58.201080084 CET	53	55080	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:58.201548100 CET	53585	53	192.168.2.16	1.1.1.1
Nov 11, 2024 16:06:58.203896999 CET	53	62165	1.1.1.1	192.168.2.16
Nov 11, 2024 16:06:58.208338976 CET	53	53585	1.1.1.1	192.168.2.16

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 16:06:04.942295074 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:05.358541012 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73322 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 16:06:06.475035906 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:06.909230947 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:43 GMT Age: 73283 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 16:06:08.535408020 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:08.950243950 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73325 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:09.468143940 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:09.556894064 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73326 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:10.823044062 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:10.911983013 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73327 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:17.328162909 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:17.417313099 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73334 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:20.787094116 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:20.875843048 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73337 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:24.538702965 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:24.627058983 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73341 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:25.047379017 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:25.135571957 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73342 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:26.807065964 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:26.895879984 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73343 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:31.701045990 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:31.789987087 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73348 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:37.516391993 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:37.604747057 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73354 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:40.376148939 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:40.466466904 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73357 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:42.408309937 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:42.496999025 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73359 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:47.315747023 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:47.404603958 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73364 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:48.538213968 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:48.629081011 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73365 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:50.085299969 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:50.173983097 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73367 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:58.174734116 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 16:06:09.807965040 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:10.223377943 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73269 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:11.367525101 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:11.460457087 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73270 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:17.616653919 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:17.706221104 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73276 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:22.446819067 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:22.535861969 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73281 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:24.968187094 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:25.058199883 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73284 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:26.067904949 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:26.156217098 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73285 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:31.699260950 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:31.788398981 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73290 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:31.992279053 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:32.087330103 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73291 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:40.372906923 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:40.462471008 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73299 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:42.401631117 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:42.489687920 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73301 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:43.361304045 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:43.450645924 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73302 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:48.532839060 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:48.624290943 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73307 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:50.019701004 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:50.108450890 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73309 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:50.479453087 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:50.567646027 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73309 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:58.615310907 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:58.704152107 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73317 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 11, 2024 16:06:58.888556957 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:06:58.977361917 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:45:01 GMT Age: 73317 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 16:06:58.198158979 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:58.612099886 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73375 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:06:58.796144009 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:06:58.886132956 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73375 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 16:07:03.094425917 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:07:03.509316921 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73380 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 11, 2024 16:07:03.551331043 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 11, 2024 16:07:03.640239954 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:03 GMT Age: 73380 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 16:07:03.648916960 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 11, 2024 16:07:04.094006062 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 10 Nov 2024 18:44:43 GMT Age: 73341 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2000.zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_46678f47-ef6d-479e-a5f6-9a619afec47b.json (copy)

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_46678f47-ef6d-479e-a5f6-9a619afec47b.json.tmp

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

C:\Users\user\AppData\Local\Temp\tmpaddon

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\content-prefs.sqlite

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\favicons.sqlite-shm

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\formhistory.sqlite

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

Windows Analysis Report
http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2000.zip

Timestamp	Bytes transferred	Direction	Data
2024-11-11 15:05:11 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8uAPUeCxOZk6NxY&MD=3pcpwnuR HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-11 15:05:11 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 9bd4729f-aedd-4801-b5f3-47443177a76b MS-RequestId: ad3507de-e1ff-4c6a-8f3c-96e665c51026 MS-CV: Mz9OHcZCUEaOoHmd.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 11 Nov 2024 15:05:10 GMT Connection: close Content-Length: 24490
2024-11-11 15:05:11 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-11 15:05:11 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-11-11 15:05:12 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-11 15:05:12 UTC	465	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF17) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=6036 Date: Mon, 11 Nov 2024 15:05:12 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-11-11 15:05:14 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-11 15:05:15 UTC	513	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=5984 Date: Mon, 11 Nov 2024 15:05:15 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-11 15:05:15 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-11-11 15:05:44 UTC	613	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 15:05:44 UTC	1266	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 15:05:44 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-hP9gaXB-CUNJdx123NfsZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-11 15:05:44 UTC	112	IN	Data Raw: 31 32 62 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 7a 6f 64 69 61 63 20 73 69 67 6e 73 20 64 61 69 6c 79 20 68 6f 72 6f 73 63 6f 70 65 20 74 6f 64 61 79 22 2c 22 67 74 61 20 36 20 67 61 6d 65 70 6c 61 79 20 74 65 61 73 65 72 22 2c 22 77 72 65 63 6b 20 6f 66 20 74 68 65 20 65 64 6d 75 6e 64 20 66 69 74 7a 67 65 72 61 6c 64 22 2c 22 68 Data Ascii: 12bf)]}'["",["zodiac signs daily horoscope today","gta 6 gameplay teaser","wreck of the edmund fitzgerald","h
2024-11-11 15:05:44 UTC	1378	IN	Data Raw: 61 6e 6e 61 66 6f 72 64 20 73 75 70 65 72 6d 61 72 6b 65 74 73 22 2c 22 6c 61 73 20 76 65 67 61 73 20 6e 6d 20 73 6e 6f 77 66 61 6c 6c 22 2c 22 6e 6f 72 74 68 65 72 6e 20 6c 69 67 68 74 73 20 61 75 72 6f 72 61 20 66 6f 72 65 63 61 73 74 22 2c 22 6e 79 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 68 69 6e 74 73 20 6e 6f 76 65 6d 62 65 72 20 31 31 22 2c 22 75 66 63 20 6e 69 63 6b 20 64 69 61 7a 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 Data Ascii: annaford supermarkets","las vegas nm snowfall","northern lights aurora forecast","nyt connections hints november 11","ufc nick diaz"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcg
2024-11-11 15:05:44 UTC	1378	IN	Data Raw: 5a 54 56 4d 52 33 52 7a 55 48 70 32 53 6a 68 35 63 47 70 4a 4d 6b 35 77 4e 57 46 30 63 7a 4e 69 51 6a 42 74 63 33 51 77 4d 32 4e 58 62 6b 68 54 4e 6c 41 77 5a 6b 5a 44 52 7a 4a 75 61 6b 35 33 54 6a 4a 72 57 6c 46 58 62 6c 70 6c 56 7a 46 35 55 6e 41 79 53 6b 4e 4c 55 6c 46 34 54 30 68 6c 61 6b 59 72 63 46 5a 78 64 6b 68 7a 55 30 68 48 4e 44 4a 75 52 56 51 76 64 56 46 32 54 57 34 30 5a 32 4e 51 5a 48 64 30 53 46 59 78 4d 56 68 69 56 46 55 78 63 33 4e 49 4e 6d 6c 32 61 6e 46 48 51 54 64 58 53 46 4a 34 55 6e 6b 32 57 58 6f 30 5a 54 52 54 56 44 68 58 59 31 59 33 52 6e 4e 6a 54 58 70 4a 56 32 64 48 4d 6d 68 6e 4f 57 4a 76 56 6c 56 6a 5a 44 52 75 53 6d 5a 57 57 48 6f 31 4d 7a 42 32 4d 43 74 54 53 57 35 6f 56 6b 38 35 63 6c 4e 58 55 45 70 4b 54 6a 64 51 4c 33 64 Data Ascii: ZTVMR3RzUHp2Sjh5cGpJMk5wNWF0czNiQjBtc3QwM2NXbkhTNlAwZkZDRzJuak53TjJrWlFXblplVzF5UnAySkNLUlF4T0hlakYrcFZxdkhzU0hHNDJuRVQvdVF2TW40Z2NQZHd0SFYxMVhiVFUxc3NINml2anFHQTdXSFJ4Unk2WXo0ZTRTVDhXY1Y3RnNjTXpJV2dHMmhnOWJvVlVjZDRuSmZWWHo1MzB2MCtTSW5oVk85clNXUEpKTjdQL3d
2024-11-11 15:05:44 UTC	1378	IN	Data Raw: 6c 4e 46 51 58 42 7a 55 6c 4e 49 51 6e 52 59 59 6e 67 30 63 58 4e 42 57 57 6c 58 52 33 6c 59 65 56 68 35 4e 56 46 7a 57 6d 6b 35 54 32 70 72 61 30 46 4f 65 45 70 4d 54 58 70 4b 62 31 5a 52 65 69 38 32 63 47 70 74 65 6e 41 78 52 56 6c 55 54 58 68 42 51 55 52 58 57 6a 4a 59 52 32 39 45 52 47 38 7a 59 30 64 78 61 7a 46 35 4d 32 31 46 61 6b 74 79 62 58 5a 71 65 45 67 30 64 57 31 72 57 45 63 31 54 55 6c 42 52 6e 64 44 55 47 56 56 63 55 78 69 55 6a 63 7a 65 6c 64 51 55 6e 6b 33 61 6c 64 33 4e 6b 5a 76 5a 6d 74 56 61 6c 6c 71 4d 57 39 58 53 46 6c 42 54 46 4a 4e 4d 6b 64 43 61 6d 74 30 52 48 46 69 61 30 64 53 61 6b 34 7a 4d 54 6c 57 57 6c 55 76 56 45 5a 4c 54 31 63 32 63 32 4a 53 52 46 6c 6a 51 32 64 35 63 48 42 77 61 6a 55 78 62 30 4a 42 56 31 55 79 61 57 4e 69 Data Ascii: lNFQXBzUlNIQnRYYng0cXNBWWlXR3lYeVh5NVFzWmk5T2pra0FOeEpMTXpKb1ZRei82cGptenAxRVlUTXhBQURXWjJYR29ERG8zY0dxazF5M21FaktybXZqeEg0dW1rWEc1TUlBRndDUGVVcUxiUjczeldQUnk3ald3NkZvZmtVallqMW9XSFlBTFJNMkdCamt0RHFia0dSak4zMTlWWlUvVEZLT1c2c2JSRFljQ2d5cHBwajUxb0JBV1UyaWNi
2024-11-11 15:05:44 UTC	561	IN	Data Raw: 74 53 6b 56 6d 62 45 4e 52 65 6b 4e 4c 51 6c 6c 71 52 55 45 79 52 44 5a 55 4e 7a 6b 35 55 46 45 72 57 56 56 72 61 69 74 42 61 32 46 56 53 48 42 6f 64 30 52 53 57 54 4e 4d 57 47 46 51 63 6b 78 59 52 44 63 7a 4d 56 5a 6f 56 33 6b 79 57 57 35 30 56 57 74 30 55 44 56 52 57 6e 42 52 56 58 70 77 53 47 74 6b 54 30 30 7a 53 55 70 35 62 55 35 35 54 6b 78 76 64 31 59 32 62 56 70 47 64 32 46 71 4d 6b 31 46 51 33 70 70 53 32 68 6c 55 33 51 79 4e 46 5a 44 57 57 55 31 56 33 4e 61 61 6c 42 55 52 32 74 55 57 44 41 35 54 31 52 30 4d 30 70 68 4e 58 42 58 57 6b 67 79 4f 46 46 43 51 58 46 46 51 56 42 42 56 48 6c 69 53 45 70 57 65 57 46 51 63 32 68 6f 56 58 64 6e 54 6e 68 71 51 55 31 50 5a 30 74 5a 55 55 31 35 56 55 64 6e 65 55 56 32 4e 32 31 69 65 56 64 52 4d 57 4a 68 53 32 Data Ascii: tSkVmbENRekNLQllqRUEyRDZUNzk5UFErWVVraitBa2FVSHBod0RSWTNMWGFQckxYRDczMVZoV3kyWW50VWt0UDVRWnBRVXpwSGtkT00zSUp5bU55Tkxvd1Y2bVpGd2FqMk1FQ3ppS2hlU3QyNFZDWWU1V3NaalBUR2tUWDA5T1R0M0phNXBXWkgyOFFCQXFFQVBBVHliSEpWeWFQc2hoVXdnTnhqQU1PZ0tZUU15VUdneUV2N21ieVdRMWJhS2
2024-11-11 15:05:44 UTC	88	IN	Data Raw: 35 32 0d 0a 68 32 55 33 63 77 65 6b 63 30 64 6b 78 68 4d 57 31 6f 4e 55 4e 47 5a 6b 68 58 64 48 52 73 4e 32 51 72 51 32 78 6d 5a 56 4a 76 57 6d 6b 32 5a 45 52 43 61 43 74 59 56 54 42 6a 51 31 59 30 4d 45 68 72 61 58 6c 49 56 45 30 34 61 6d 74 68 5a 54 64 4c 0d 0a Data Ascii: 52h2U3cwekc0dkxhMW1oNUNGZkhXdHRsN2QrQ2xmZVJvWmk2ZERCaCtYVTBjQ1Y0MEhraXlIVE04amthZTdL
2024-11-11 15:05:44 UTC	1363	IN	Data Raw: 35 34 63 0d 0a 4d 30 35 4d 61 54 67 34 56 32 35 70 4d 30 35 73 4d 48 46 69 62 53 74 57 61 56 4a 6a 64 69 74 32 54 46 63 79 64 47 78 58 63 69 39 77 54 45 78 76 51 57 31 74 56 55 67 72 4c 32 70 43 4f 57 5a 52 4e 44 68 70 65 53 39 4d 64 79 39 6b 57 6a 42 6c 64 55 52 47 57 6c 5a 51 63 54 45 79 53 57 78 6d 4c 32 55 7a 62 44 4d 7a 62 54 52 58 5a 58 70 70 4e 48 5a 69 64 6a 63 72 63 57 49 35 55 7a 49 32 63 6c 63 78 4b 32 78 5a 4f 57 77 33 4f 46 52 6c 56 45 64 52 56 48 4a 6d 5a 55 67 77 59 56 56 34 63 30 35 6c 4e 6b 55 77 61 6e 52 51 59 56 42 4f 63 6e 46 57 4e 45 78 57 63 45 51 34 63 56 5a 4f 64 46 55 34 54 54 4a 4c 4d 6e 68 43 59 55 35 73 55 6c 46 54 4d 56 5a 76 5a 46 64 68 61 6c 59 32 4e 32 35 6a 62 6d 5a 68 5a 7a 52 74 4e 47 4d 33 56 7a 67 78 54 30 6f 30 52 47 Data Ascii: 54cM05MaTg4V25pM05sMHFibStWaVJjdit2TFcydGxXci9wTExvQW1tVUgrL2pCOWZRNDhpeS9Mdy9kWjBldURGWlZQcTEySWxmL2UzbDMzbTRXZXppNHZidjcrcWI5UzI2clcxK2xZOWw3OFRlVEdRVHJmZUgwYVV4c05lNkUwanRQYVBOcnFWNExWcEQ4cVZOdFU4TTJLMnhCYU5sUlFTMVZvZFdhalY2N25jbmZhZzRtNGM3VzgxT0o0RG
2024-11-11 15:05:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-11 15:05:48 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8uAPUeCxOZk6NxY&MD=3pcpwnuR HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-11 15:05:49 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 73bfad66-006d-4cbc-999c-dd40db5a1257 MS-RequestId: e285c6dc-8e1d-432c-ab9f-9f9267bf8109 MS-CV: XXIBrDAJnk6UT+XZ.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 11 Nov 2024 15:05:47 GMT Connection: close Content-Length: 30005
2024-11-11 15:05:49 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-11 15:05:49 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	10:04:57
Start date:	11/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	10:04:58
Start date:	11/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2000.zip"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	12
Start time:	10:05:32
Start date:	11/11/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff645b10000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	13
Start time:	10:06:01
Start date:	11/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe"
Imagebase:	0x7ff7916a0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	16
Start time:	10:06:03
Start date:	11/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -parentBuildID 20230927232528 -prefsHandle 4008 -prefMapHandle 4020 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edc1ae44-ed12-4ab9-9cf5-11c23e4b6e77} 7856 "\\.\pipe\gecko-crash-server-pipe.7856" 1d83dd16310 rdd
Imagebase:	0x7ff7916a0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false