Source: 6eftz6UKDm.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49716 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49718 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49727 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49747 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49748 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49750 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49757 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49784 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49785 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.5:49787 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49792 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49793 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49794 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49797 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49867 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49868 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49873 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49874 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49877 version: TLS 1.2 |
Source: | Binary string: freebl3.pdb source: firefox.exe, 0000000E.00000003.2320579255.000002B035CDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319408039.000002B035FAA000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: wininet.pdb source: firefox.exe, 0000000E.00000003.2319408039.000002B035FAA000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: rsaenh.pdb source: firefox.exe, 0000000E.00000003.2318788013.000002B0360B5000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: avrt.pdb source: firefox.exe, 0000000E.00000003.2319408039.000002B035FAA000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: kbdus.pdb source: firefox.exe, 0000000E.00000003.2284334248.000002B034FAE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2323604558.000002B034FD6000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2323203334.000002B034FD0000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2323604558.000002B034FD6000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2322240119.000002B034FCF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr |
Source: | Binary string: nssckbi.pdb source: firefox.exe, 0000000E.00000003.2319408039.000002B035FAA000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: cryptsp.pdb source: firefox.exe, 0000000E.00000003.2318788013.000002B0360B5000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: kbdus.pdbGCTL source: firefox.exe, 0000000E.00000003.2284334248.000002B034FAE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: sspicli.pdb source: firefox.exe, 0000000E.00000003.2319408039.000002B035FAA000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr |
Source: | Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2322240119.000002B034FCF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: sspicli.pdb`rW source: firefox.exe, 0000000E.00000003.2319408039.000002B035FAA000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: winhttp.pdb source: firefox.exe, 0000000E.00000003.2318788013.000002B0360B5000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2292430631.000002B040621000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msimg32.pdb source: firefox.exe, 0000000E.00000003.2320579255.000002B035CDE000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2323203334.000002B034FD0000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ncrypt.pdb source: firefox.exe, 0000000E.00000003.2319408039.000002B035FAA000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: wininet.pdb` source: firefox.exe, 0000000E.00000003.2319408039.000002B035FAA000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: ntasn1.pdb source: firefox.exe, 0000000E.00000003.2318788013.000002B0360B5000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2292430631.000002B040621000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00B0DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, | 0_2_00B0DBBE |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00ADC2A2 FindFirstFileExW, | 0_2_00ADC2A2 |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00B168EE FindFirstFileW,FindClose, | 0_2_00B168EE |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00B1698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, | 0_2_00B1698F |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00B0D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_00B0D076 |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00B0D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_00B0D3A9 |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00B19642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_00B19642 |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00B1979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_00B1979D |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00B19B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, | 0_2_00B19B2B |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00B15C97 FindFirstFileW,FindNextFileW,FindClose, | 0_2_00B15C97 |
Source: Joe Sandbox View | IP Address: 34.149.100.209 |
Source: Joe Sandbox View | IP Address: 34.117.188.166 |
Source: Joe Sandbox View | IP Address: 151.101.193.91 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: C:\Users\user\Desktop\6eftz6UKDm.exe | Code function: 0_2_00B1CE44 InternetReadFile,SetEvent,GetLastError,SetEvent, | 0_2_00B1CE44 |
Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache |
Source: firefox.exe, 0000000E.00000003.2267416841.000002B035E72000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://connect.facebook.net/*/sdk.js**://cdn.optimizely.com/public/*.js*://static.chartbeat.com/js/chartbeat_video.js*://www.rva311.com/static/js/main.*.chunk.js*://connect.facebook.net/*/all.js**://*.imgur.com/js/vendor.*.bundle.js*://www.google-analytics.com/analytics.js**://www.google-analytics.com/gtm/js**://www.everestjs.net/static/st.v3.js* equals www.facebook.com (Facebook) |
Source: firefox.exe, 0000000E.00000003.2267416841.000002B035E72000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook) |
Source: firefox.exe, 0000000E.00000003.2313902349.000002B039B88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2206504779.000002B039B81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288168371.000002B039B81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook) |
Source: firefox.exe, 0000000E.00000003.2288168371.000002B039BCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302850291.000002B039BCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2206504779.000002B039B98000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube) |
Source: firefox.exe, 0000000E.00000003.2262474226.000002B036F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2212745115.000002B036F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2204044907.000002B03D5F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook) |
Source: firefox.exe, 0000000E.00000003.2280088084.000002B03D5A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262474226.000002B036F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2279278035.000002B03E8B0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube) |
Source: firefox.exe, 0000000E.00000003.2313902349.000002B039B88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2318358499.000002B03642E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2206504779.000002B039B81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook) |
Source: firefox.exe, 0000000E.00000003.2288168371.000002B039BCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302850291.000002B039BCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2206504779.000002B039B98000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube) |
Source: firefox.exe, 0000000E.00000003.2267303428.000002B035E95000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ["www.facebook.com","facebook.com"] equals www.facebook.com (Facebook) |
Source: firefox.exe, 0000000E.00000003.2267303428.000002B035E95000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ["www.youtube.com","youtube.com"] equals www.youtube.com (Youtube) |
Source: firefox.exe, 0000000E.00000003.2287272602.000002B03D58D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280088084.000002B03D58B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook) |
Source: firefox.exe, 0000000E.00000003.2287272602.000002B03D58D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280088084.000002B03D58B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube) |