Windows Analysis Report
ReJIL-_Document_No._2500015903.msg

Overview

General Information

Sample name: ReJIL-_Document_No._2500015903.msg
Analysis ID: 1580968
MD5: f1d1d0f881bf1e10771c8e7d1230b28f
SHA1: 1a7dd1a1d02119ac136dd6d0d95a9fe444e9741e
SHA256: bfa12644ac8d62fb73bf53594dce8a31f43c9c42f14de9aa2c77dd70fd168777

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected potential phishing Email
Sets file extension default program settings to executables
Tries to harvest and steal browser information (history, passwords, etc)
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 2920 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ReJIL-_Document_No._2500015903.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6944 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "13C184CF-6612-428C-9B3D-0B8B2FBB249B" "EC0390AB-FD20-4BC4-9931-1C7789466420" "2920" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • OpenWith.exe (PID: 1572 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
    • firefox.exe (PID: 5928 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 1608 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint --attempting-deelevation -url C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 876 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 364 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42f32c43-6ae8-4858-820e-356d2464dcf8} 876 "\\.\pipe\gecko-crash-server-pipe.876" 2607156c510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5820 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4024 -parentBuildID 20230927232528 -prefsHandle 3968 -prefMapHandle 3888 -prefsLen 26265 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92d2cb94-0f6b-43f4-967c-ce8066be3f32} 876 "\\.\pipe\gecko-crash-server-pipe.876" 26082420310 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 3524 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5268 -prefMapHandle 5676 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4b08b45-2597-49eb-84bd-a77bd444c4c4} 876 "\\.\pipe\gecko-crash-server-pipe.876" 2608803cb10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • pingsender.exe (PID: 1000 cmdline: "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/92118fc7-b26d-4ba4-8aa3-ae9db125b705/event/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\92118fc7-b26d-4ba4-8aa3-ae9db125b705 MD5: B380758F0DAA6B44346C7994EB2408D7)
        • conhost.exe (PID: 6908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • pingsender.exe (PID: 7152 cmdline: "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/8703f130-6e6f-4e45-878c-98abc4931698/health/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8703f130-6e6f-4e45-878c-98abc4931698 MD5: B380758F0DAA6B44346C7994EB2408D7)
        • conhost.exe (PID: 5096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • pingsender.exe (PID: 4912 cmdline: "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/82a4d6ca-10cf-48af-99bb-486a9877ccf2/main/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\82a4d6ca-10cf-48af-99bb-486a9877ccf2 MD5: B380758F0DAA6B44346C7994EB2408D7)
        • conhost.exe (PID: 2196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • firefox.exe (PID: 5636 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6384 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • rundll32.exe (PID: 1288 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • 7zFM.exe (PID: 6484 cmdline: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Downloads\JIL-_Document_No._2500015903.GZ" MD5: 30AC0B832D75598FB3EC37B6F2A8C86A)
    • notepad.exe (PID: 2816 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO4592D3FE\version.txt MD5: 27F71B12CB585541885A31BE22F61C83)
  • OpenWith.exe (PID: 3052 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
    • notepad.exe (PID: 4136 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO459C1B0E\.text MD5: 27F71B12CB585541885A31BE22F61C83)
  • OpenWith.exe (PID: 4896 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2920, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set; Author: frack113; Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2920, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

Phishing

Source: Email; Joe Sandbox AI: Detected potential phishing email: Suspicious attachments including a compressed .GZ file and generic screenshot which are common phishing tactics. Generic document number in subject and request for quotation without specific details is typical of phishing attempts. While using a UAE business address, the email pattern and vague request is characteristic of scam attempts
Source: Email; Classification: Invoice Scam
Source: unknown; HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: Binary string: KHVk.pdb SHA256 source: notepad.exe, 00000029.00000003.2365537601.0000024747C14000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: KHVk.pdb source: 7zFM.exe, 0000001D.00000003.2034665450.00000292DBC9C000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000003.2084015943.00000292DBC9C000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000002.2489141705.00000292DBC00000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000003.2075338168.00000292DBE0E000.00000004.00000020.00020000.00000000.sdmp, .text.29.dr
Source: Binary string: KHVk.pdbSHA256 source: 7zFM.exe, 0000001D.00000003.2034665450.00000292DBC9C000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000003.2084015943.00000292DBC9C000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000002.2489141705.00000292DBC00000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000003.2075338168.00000292DBE0E000.00000004.00000020.00020000.00000000.sdmp, .text.29.dr
Source: firefox.exe Memory has grown: Private usage: 1MB later: 235MB
Source: Joe Sandbox View IP Address: 34.149.100.209
Source: Joe Sandbox View IP Address: 34.117.188.166
Source: Joe Sandbox View IP Address: 151.101.193.91
Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/Get to a Wikipedia page fast, from anywhere on the web. Just highlight any webpage text and right-click to open the context menu to start a Wikipedia search. equals www.twitter.com (Twitter)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/Get to a Wikipedia page fast, from anywhere on the web. Just highlight any webpage text and right-click to open the context menu to start a Wikipedia search. equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["*://webcompat-addon-testbed.herokuapp.com/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "*://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js*", "*://track.adform.net/serving/scripts/trackpoint/", "*://track.adform.net/serving/scripts/trackpoint/async/", "*://*.adnxs.com/*/ast.js*", "*://*.adnxs.com/*/pb.js*", "*://*.adnxs.com/*/prebid*", "*://www.everestjs.net/static/st.v3.js*", "*://static.adsafeprotected.com/vans-adapter-google-ima.js", "*://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "*://cdn.branch.io/branch-latest.min.js*", "*://pub.doubleverify.com/signals/pub.js*", "*://c.amazon-adsystem.com/aax2/apstag.js", "*://auth.9c9media.ca/auth/main.js", "*://static.chartbeat.com/js/chartbeat.js", "*://static.chartbeat.com/js/chartbeat_video.js", "*://static.criteo.net/js/ld/publishertag.js", "*://*.imgur.com/js/vendor.*.bundle.js", "*://*.imgur.io/js/vendor.*.bundle.js", "*://www.rva311.com/static/js/main.*.chunk.js", "*://web-assets.toggl.com/app/assets/scripts/*.js", "*://libs.coremetrics.com/eluminate.js", "*://connect.facebook.net/*/sdk.js*", "*://connect.facebook.net/*/all.js*", "*://secure.cdn.fastclick.net/js/cnvr-launcher/*/launcher-stub.min.js*", "*://www.google-analytics.com/analytics.js*", "*://www.google-analytics.com/gtm/js*", "*://www.googletagmanager.com/gtm.js*", "*://www.google-analytics.com/plugins/ua/ec.js", "*://ssl.google-analytics.com/ga.js", "*://s0.2mdn.net/instream/html5/ima3.js", "*://imasdk.googleapis.com/js/sdkloader/ima3.js", 
"*://www.googleadservices.com/pagead/conversion_async.js", "*://www.googletagservices.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/gpt/pubads_impl_*.js*", "*://securepubads.g.doubleclick.net/tag/js/gpt.js*", "*://securepubads.g.doubleclick.net/gpt/pubads_impl_*.js*", "*://script.ioam.de/iam.js", "*://cdn.adsafeprotected.com/iasPET.1.js", "*://static.adsafeprotected.com/iasPET.1.js", "*://adservex.media.net/videoAds.js*", "*://*.moatads.com/*/moatad.js*", "*://*.moatads.com/*/moatapi.js*", "*://*.moatads.com/*/moatheader.js*", "*://*.moatads.com/*/yi.js*", "*://*.imrworldwide.com/v60.js", "*://cdn.optimizely.com/js/*.js", "*://cdn.optimizely.com/public/*.js", "*://id.rambler.ru/rambler-id-helper/auth_events.js", "*://media.richrelevance.com/rrserver/js/1.2/p13n.js", "*://www.gstatic.com/firebasejs/*/firebase-messaging.js*", "*://*.vidible.tv/*/vidible-min.js*", "*://vdb-cdn-files.s3.amazonaws.com/*/vidible-min.js*", "*://js.maxmind.com/js/apis/geoip2/*/geoip2.js", "*://s.webtrends.com/js/advancedLinkTracking.js", "*://s.webtrends.com/js/webtrends.js", "*://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000012.00000002.2294852207.000002607D757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["*://webcompat-addon-testbed.herokuapp.com/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "*://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js*", "*://track.adform.net/serving/scripts/trackpoint/", "*://track.adform.net/serving/scripts/trackpoint/async/", "*://*.adnxs.com/*/ast.js*", "*://*.adnxs.com/*/pb.js*", "*://*.adnxs.com/*/prebid*", "*://www.everestjs.net/static/st.v3.js*", "*://static.adsafeprotected.com/vans-adapter-google-ima.js", "*://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "*://cdn.branch.io/branch-latest.min.js*", "*://pub.doubleverify.com/signals/pub.js*", "*://c.amazon-adsystem.com/aax2/apstag.js", "*://auth.9c9media.ca/auth/main.js", "*://static.chartbeat.com/js/chartbeat.js", "*://static.chartbeat.com/js/chartbeat_video.js", "*://static.criteo.net/js/ld/publishertag.js", "*://*.imgur.com/js/vendor.*.bundle.js", "*://*.imgur.io/js/vendor.*.bundle.js", "*://www.rva311.com/static/js/main.*.chunk.js", "*://web-assets.toggl.com/app/assets/scripts/*.js", "*://libs.coremetrics.com/eluminate.js", "*://connect.facebook.net/*/sdk.js*", "*://connect.facebook.net/*/all.js*", "*://secure.cdn.fastclick.net/js/cnvr-launcher/*/launcher-stub.min.js*", "*://www.google-analytics.com/analytics.js*", "*://www.google-analytics.com/gtm/js*", "*://www.googletagmanager.com/gtm.js*", "*://www.google-analytics.com/plugins/ua/ec.js", "*://ssl.google-analytics.com/ga.js", "*://s0.2mdn.net/instream/html5/ima3.js", "*://imasdk.googleapis.com/js/sdkloader/ima3.js", 
"*://www.googleadservices.com/pagead/conversion_async.js", "*://www.googletagservices.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/gpt/pubads_impl_*.js*", "*://securepubads.g.doubleclick.net/tag/js/gpt.js*", "*://securepubads.g.doubleclick.net/gpt/pubads_impl_*.js*", "*://script.ioam.de/iam.js", "*://cdn.adsafeprotected.com/iasPET.1.js", "*://static.adsafeprotected.com/iasPET.1.js", "*://adservex.media.net/videoAds.js*", "*://*.moatads.com/*/moatad.js*", "*://*.moatads.com/*/moatapi.js*", "*://*.moatads.com/*/moatheader.js*", "*://*.moatads.com/*/yi.js*", "*://*.imrworldwide.com/v60.js", "*://cdn.optimizely.com/js/*.js", "*://cdn.optimizely.com/public/*.js", "*://id.rambler.ru/rambler-id-helper/auth_events.js", "*://media.richrelevance.com/rrserver/js/1.2/p13n.js", "*://www.gstatic.com/firebasejs/*/firebase-messaging.js*", "*://*.vidible.tv/*/vidible-min.js*", "*://vdb-cdn-files.s3.amazonaws.com/*/vidible-min.js*", "*://js.maxmind.com/js/apis/geoip2/*/geoip2.js", "*://s.webtrends.com/js/advancedLinkTracking.js", "*://s.webtrends.com/js/webtrends.js", "*://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000012.00000003.1562253809.000002608A140000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000003.1562253809.000002608A140000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp--panel-banner-item-info-icon-bgcolor*://pubads.g.doubleclick.net/gampad/*ad**://*.adsafeprotected.com/*/imp/*color-mix(in srgb, currentColor 9%, transparent)*://*.adsafeprotected.com/jload?**://cdn.cmp.advertising.com/firefox-etp*://www.facebook.com/platform/impression.php**://*.adsafeprotected.com/*/Serving/**://track.adform.net/Serving/TrackPoint/**://*.adsafeprotected.com/*/unit/*resource://gre/modules/ExtensionParent.sys.mjs equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/getCanStageUpdates - unable to apply updates because another instance of the application is already handling updates for this installation. equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/getCanStageUpdates - unable to apply updates because another instance of the application is already handling updates for this installation. equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/New features include Inline Image Viewer, Never Ending Reddit (never click 'next page' again), Keyboard Navigation, Account Switcher, and User Tagger. equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/New features include Inline Image Viewer, Never Ending Reddit (never click 'next page' again), Keyboard Navigation, Account Switcher, and User Tagger. equals www.twitter.com (Twitter)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/New features include Inline Image Viewer, Never Ending Reddit (never click 'next page' again), Keyboard Navigation, Account Switcher, and User Tagger. equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000003.1897441306.000002608233E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000003.1897441306.000002608233E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000012.00000003.1897441306.000002608233E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1815034293.000002608236F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000018.00000002.2046459331.000001DEC9B0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/& equals www.facebook.com (Facebook)
Source: firefox.exe, 00000018.00000002.2046459331.000001DEC9B0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/& equals www.twitter.com (Twitter)
Source: firefox.exe, 00000018.00000002.2046459331.000001DEC9B0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/& equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://06836808-3da5-4b66-93b7-b66b1a840a96/injections/css/bug1799994-www.vivobarefoot.com-product-filters-fix.cssmoz-extension://06836808-3da5-4b66-93b7-b66b1a840a96/injections/js/bug1842437-www.youtube.com-performance-now-precision.jsC:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json.tmp equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: resource://gre/modules/FileUtils.sys.mjshttp://www.inbox.lv/rfc2368/?value=%shttps://mail.inbox.lv/compose?to=%s_injectDefaultProtocolHandlersIfNeededhttp://poczta.interia.pl/mh/?mailto=%shandlerSvc fillHandlerInfo: don't know this typeMust have a source and a callback@mozilla.org/network/simple-stream-listener;1newChannel requires a single object argumentSEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULLFirst argument should be an nsIInputStream@mozilla.org/intl/converter-input-stream;1https://mail.yahoo.co.jp/compose/?To=%shttps://mail.inbox.lv/compose?to=%s@mozilla.org/network/input-stream-pump;1Non-zero amount of bytes must be specifiedhttps://mail.yandex.ru/compose?mailto=%s@mozilla.org/network/async-stream-copier;1https://poczta.interia.pl/mh/?mailto=%spdfjs.previousHandler.preferredActionpdfjs.previousHandler.alwaysAskBeforeHandlinghttps://e.mail.ru/cgi-bin/sentmsg?mailto=%sVALIDATE_DONT_COLLAPSE_WHITESPACE@mozilla.org/uriloader/handler-service;1@mozilla.org/scriptableinputstream;1@mozilla.org/uriloader/handler-service;1 equals www.yahoo.com (Yahoo)
Source: firefox.exe, 00000012.00000003.1793594580.00000260837FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1834249040.0000026081CF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1774100043.0000026089EF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000003.1976135161.000002608ABD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1734382181.000002608ABD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1910995560.00000260810F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000003.1757584360.000002608DF8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000003.1834249040.0000026081CD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1834249040.0000026081CB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1554436942.00000260809FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000003.1978766349.0000026081091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000012.00000003.1978766349.0000026081091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000012.00000003.1978766349.0000026081091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000012.00000003.1978766349.0000026081091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000012.00000003.1978766349.0000026081091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000012.00000003.1978766349.0000026081091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000012.00000003.1978766349.0000026081091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000012.00000003.1990780289.0000026080A25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1978766349.0000026081091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000012.00000003.1978766349.0000026081091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000012.00000002.2280917706.000002607D386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/ExtHandlerService.sys.mjsreso
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000012.00000003.1843500080.000002607EDC6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1844703358.000002607ED78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1862918278.0000026073225000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1847816921.0000026073225000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1845354601.000002607ED73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 00000012.00000003.1860659875.000002607ED5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1891380861.000002607ED5E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1845354601.000002607ED50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000012.00000003.1843500080.000002607EDC6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1844703358.000002607ED78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1860659875.000002607ED5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1891380861.000002607ED5E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1862918278.0000026073225000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1847816921.0000026073225000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1845354601.000002607ED73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 00000012.00000003.1844703358.000002607ED78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1860659875.000002607ED24000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2332508512.000002607ED15000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1845354601.000002607ED1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 00000012.00000003.1860659875.000002607ED24000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2332508512.000002607ED15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000012.00000003.1860659875.000002607ED5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1891380861.000002607ED5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000012.00000003.1864729692.000002607EDAA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1860659875.000002607ED24000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2332508512.000002607ED15000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1858109040.000002607EDAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: firefox.exe, 00000012.00000002.2267809356.000002607CEB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000012.00000003.2184251069.000002607E473000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000012.00000002.2267809356.000002607CEE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1801703344.0000026082AE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2174602304.000002607EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000012.00000003.1731465353.000002608B0BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1649372851.000002608DCE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2174602304.000002607EB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1793594580.000002608376C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1801703344.0000026082AE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000012.00000003.1974732109.000002608094A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1649372851.000002608DCE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2174602304.000002607EB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000012.00000003.1754943058.000002608E047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000012.00000003.1754943058.000002608E047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000012.00000002.2217793732.0000026071503000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/strings
Source: firefox.exe, 00000012.00000003.1651318462.000002608D95B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000012.00000003.1651318462.000002608D95B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000012.00000003.1651318462.000002608D95B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 00000012.00000003.1621847594.0000026089421000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1651318462.000002608D95B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/cbhStudyRow
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/cbhStudyUs
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/enabled
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/extraParams
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/filterFetchResponse
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/javascriptValidator
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/mediaExceptionsStrategy
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/originsAlternativeEnable
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/originsDaysCutOff
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pagesAlternativeEnable
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pagesHalfLifeDays
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pagesHighWeight
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pagesLowWeight
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pagesMediumWeight
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pagesNumSampledVisits
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/trendingEnabled
Source: firefox.exe, 00000012.00000003.1559835256.000002608DCC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1603480479.0000026089FD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1809516020.00000260824BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1883949739.000002608A4C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1875961076.0000026081440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1933059222.00000260836C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1618439277.0000026081D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2314893480.000002607E6D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1593649993.00000260813A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1680233345.000002608DCDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1506842071.00000260811FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2280917706.000002607D3CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1910723045.0000026081440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1689903811.000002608A8FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1506798810.00000260812D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1937283243.00000260824BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1842171690.000002608A8FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2120349387.000002607EB38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1618673705.0000026081D14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000012.00000003.1933059222.00000260836D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1954582357.0000026082459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000012.00000003.1844703358.000002607ED78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1860659875.000002607ED24000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2332508512.000002607ED15000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1845354601.000002607ED1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000012.00000003.1843500080.000002607EDC6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1844703358.000002607ED78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1860659875.000002607ED5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1891380861.000002607ED5E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1862918278.0000026073225000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1847816921.0000026073225000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1845354601.000002607ED73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000012.00000003.1860659875.000002607ED24000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2332508512.000002607ED15000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1858109040.000002607EDAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000012.00000003.1843500080.000002607EDC6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1844703358.000002607ED78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1860659875.000002607ED5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1891380861.000002607ED5E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1862918278.0000026073225000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1847816921.0000026073225000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1845354601.000002607ED73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2280917706.000002607D386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000012.00000003.1899641626.0000026089821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1781364868.0000026089821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1885865662.0000026088251000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
Source: firefox.exe, 00000012.00000003.1552614127.000002608237D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 00000012.00000003.1899641626.0000026089821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1781364868.0000026089821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1552614127.000002608237D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1885865662.0000026088251000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2280917706.000002607D386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 00000012.00000003.1864729692.000002607EDAA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1860659875.000002607ED24000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2332508512.000002607ED15000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1858109040.000002607EDAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2280917706.000002607D386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%shttps://mail.inbox.lv/compose?to=%s_injectDefaultProtocolHandle
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000012.00000003.1772226723.000002608A351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000012.00000003.1971768119.0000026089523000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000012.00000003.1550841232.0000026082572000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1804731767.000002608256F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1550841232.00000260825C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2184562858.000002607E46D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1968731297.000002608097E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2305260309.000002607E430000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000012.00000003.1804731767.000002608256F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1905041723.0000026082574000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulFX_SESSION_RESTORE_COLLECT_DATA_MS
Source: firefox.exe, 00000012.00000003.1905041723.0000026082574000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulP
Source: firefox.exe, 00000012.00000002.2294852207.000002607D79E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchangeGUID:
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/toolba
Source: firefox.exe, 00000012.00000003.1787224897.0000026089649000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1931119897.0000026089658000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp/
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/UrlbarProviderHisto
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/UrlbarProviderInput
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/UrlbarProviderPriva
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/UrlbarProviderQuick
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/TelemetryTimesta
Source: firefox.exe, 00000012.00000003.1899641626.0000026089824000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1781364868.0000026089821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1885865662.0000026088251000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1654563149.000002608A1EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1562253809.000002608A1DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000012.00000003.1899641626.0000026089824000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1781364868.0000026089821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1885865662.0000026088251000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1654563149.000002608A1EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1562253809.000002608A1DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1501351577.000002607EE16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1501042666.000002607EC00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000012.00000003.1793594580.0000026083716000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000012.00000003.1875961076.0000026081440000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000012.00000002.2217793732.000002607150F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881No
Source: firefox.exe, 00000012.00000003.2172429710.000002607FF55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2365008708.000002607FF5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1722797210.000002608DBD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000012.00000003.2070611228.000002608E512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1685705286.000002608ABF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000012.00000003.2070611228.000002608E512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 00000012.00000003.2070611228.000002608E512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 00000012.00000003.2070611228.000002608E512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 00000012.00000003.2070611228.000002608E512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: firefox.exe, 00000012.00000003.1848308520.000002608A80B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: firefox.exe, 00000015.00000002.2096009727.000002281A5E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2054891163.000001DEC9D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.18.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CLXfQbX4pbW4QbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000012.00000003.1970262843.0000026080963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1774563046.0000026089E68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2096009727.000002281A5C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2046459331.000001DEC9BF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000012.00000003.1914916955.000002608B0F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/18a3ac1c-1c7d-446f-8f95-525ba
Source: firefox.exe, 00000012.00000003.1817765785.000002608ABDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/296827db-8742-4ae9-adc0-14ee
Source: firefox.exe, 00000012.00000003.1978435224.0000026081456000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/2b608f70-7db5-4c81
Source: firefox.exe, 00000012.00000003.1978435224.0000026081456000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/42d4f0db-af16-412e
Source: firefox.exe, 00000012.00000003.1978435224.0000026081456000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2043654720.000002608145D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/4370f264-3edd-4348
Source: firefox.exe, 00000012.00000003.1967895335.00000260810F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/61fe81e4-623f-40b1
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2366729711.000002607FFBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/1864eebe-a97d-4196-ba9e-40ba8339789c/health/
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/4543e2b6-0dac-4484-972e-233c4ffdcfcd/first-s
Source: firefox.exe, 00000012.00000003.2043654720.000002608145D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/59f06e22-78e3-4143-9d34-bd19d6977013/main/Fi
Source: firefox.exe, 00000012.00000003.2046910121.000002607F0DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2346899936.000002607F0F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/639d6aff-3521-475f-a165-426024f2d9f0/health/
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2366729711.000002607FFBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/717ed3b2-ea8b-46bf-926c-0346b661d09a/event/F
Source: firefox.exe, 00000012.00000002.2332508512.000002607ED15000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000026.00000002.2061678629.0000020413CAA000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000026.00000002.2061678629.0000020413CFD000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000026.00000002.2061678629.0000020413CA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/82a4d6ca-10cf-48af-99bb-486a9877ccf2/main/Fi
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2346899936.000002607F0F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/c52da37e-6215-4698-a8c6-7dbc7928eb26/main/Fi
Source: firefox.exe, 00000012.00000003.1562253809.000002608A17F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000012.00000003.1557862772.000002608AA53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000012.00000003.1968731297.0000026080986000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D7AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000012.00000003.1651318462.000002608D95B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 00000012.00000003.1651318462.000002608D95B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 00000012.00000003.1651318462.000002608D95B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 00000012.00000003.1651318462.000002608D95B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000012.00000003.1557862772.000002608AA53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000012.00000003.1557862772.000002608AA53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000012.00000003.1557862772.000002608AA53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 00000012.00000003.1998806021.000002607FFF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000012.00000003.1553791456.0000026080A3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000012.00000003.1970262843.0000026080963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1993243480.00000260805A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1999428702.000002607FF8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000012.00000003.1793594580.0000026083716000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 00000012.00000003.1656032549.0000026089EF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1799116811.0000026082BC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000012.00000003.1719710800.0000026081D29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2048356610.000002607F0A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1502734518.000002607F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2351287943.000002607F63C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1598302743.000002607F63C000.00000004.00000800.00020000.00000000.sdmp, handlers.json.tmp.18.drString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sFailed
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sPlease
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2048356610.000002607F0A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1502734518.000002607F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2280917706.000002607D386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2048356610.000002607F0A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1502734518.000002607F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2280917706.000002607D386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%sextension/default
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%shttps://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000012.00000003.1824333132.000002607D2DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/
Source: firefox.exe, 00000012.00000003.1824333132.000002607D2DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: firefox.exe, 00000012.00000003.1824333132.000002607D2DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-escapes#single
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2217793732.00000260715D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2096009727.000002281A586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2046459331.000001DEC9B8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000012.00000002.2345197760.000002607F061000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2287797109.000002607D6BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000012.00000003.1968570584.0000026080A16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mozilla-hub.atlassian.net/browse/SDK-405
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000012.00000003.1843500080.000002607EDC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000012.00000003.1824333132.000002607D2DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mths.be/jsesc
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mzl.la/3NS9KJd
Source: firefox.exe, 00000012.00000002.2366729711.000002607FFA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1999428702.000002607FF8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000012.00000003.2129347167.000002607EB21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1/
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ok.ru/
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2048356610.000002607F0A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1502734518.000002607F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2351287943.000002607F63C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1598302743.000002607F63C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%sbrowser.download.viewableInternally.typeWasRe
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2048356610.000002607F0A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1502734518.000002607F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2280917706.000002607D386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sextractScheme/fixupChangedProtocol
Source: firefox.exe, 00000012.00000002.2257824444.000002607CD52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://probeinfo.telemetry.mozilla.org/glean/repositories.
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000012.00000002.2346306983.000002607F092000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000012.00000003.1767813376.000002608DACB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1765305126.000002608E00E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913449137.000002608E00E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 00000012.00000002.2365008708.000002607FF49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 00000012.00000003.2184854442.000002607E459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000012.00000003.2184854442.000002607E459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000012.00000003.2184854442.000002607E459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000012.00000003.2184854442.000002607E459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000012.00000003.1970262843.0000026080963000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000012.00000003.2184854442.000002607E459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000012.00000002.2366729711.000002607FF94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1999428702.000002607FF8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000012.00000002.2217793732.000002607156B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000012.00000003.1931283450.0000026088256000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1885865662.0000026088251000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000012.00000003.1970262843.000002608095B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com
Source: firefox.exe, 00000012.00000003.1970262843.000002608095B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000012.00000003.1815034293.0000026082379000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000012.00000003.1846738214.000002608A8A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000012.00000003.1846738214.000002608A8A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000012.00000003.1762012513.000002608E58A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000012.00000003.1793594580.0000026083716000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000012.00000003.1774563046.0000026089E68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2267809356.000002607CEDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000012.00000003.2183685814.000002607E47C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1728146822.000002608E5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1774563046.0000026089E68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000012.00000003.1975906663.000002608B0DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1731465353.000002608B0DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1769224770.000002608B0DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1652749280.000002608B0DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
Source: firefox.exe, 00000012.00000002.2257824444.000002607CDB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2096009727.000002281A5E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2054891163.000001DEC9D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.18.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 00000012.00000003.1774100043.0000026089EF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1891449377.000002608A126000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1917126230.0000026089EF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1720026615.0000026082685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1961878419.0000026089EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1777850285.000002608A125000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.widevine.com/
Source: firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.widevine.com/get
Source: firefox.exe, 00000012.00000003.1774563046.0000026089E68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1562253809.000002608A140000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2096009727.000002281A50A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2046459331.000001DEC9B0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000012.00000003.1754943058.000002608E047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: classification engine Classification label: mal52.spyw.winMSG@42/67@55/9
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4896:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5096:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6908:120:WilError_03
Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1572:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2196:120:WilError_03
Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3052:120:WilError_03
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241226T0846550197-2920.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini
Source: C:\Windows\System32\OpenWith.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: firefox.exe, 00000012.00000003.1878513483.000002608DC0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1757313515.000002608DFD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913521294.000002608DFD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1802222532.0000026082ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000012.00000003.1973631906.000002608D99C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE moz_places SET foreign_count = foreign_count - 1 WHERE id = OLD.place_id;
Source: firefox.exe, 00000012.00000003.1802222532.0000026082ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000012.00000003.1802222532.0000026082ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000012.00000003.1802222532.0000026082ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000012.00000003.1767813376.000002608DAF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1768392088.000002608DA49000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 00000012.00000003.1802222532.0000026082ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000012.00000003.1802222532.0000026082ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000012.00000003.1802222532.0000026082ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 00000012.00000003.1802222532.0000026082ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000012.00000003.1802222532.0000026082ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ReJIL-_Document_No._2500015903.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "13C184CF-6612-428C-9B3D-0B8B2FBB249B" "EC0390AB-FD20-4BC4-9931-1C7789466420" "2920" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ"
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint --attempting-deelevation -url C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42f32c43-6ae8-4858-820e-356d2464dcf8} 876 "\\.\pipe\gecko-crash-server-pipe.876" 2607156c510 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4024 -parentBuildID 20230927232528 -prefsHandle 3968 -prefMapHandle 3888 -prefsLen 26265 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92d2cb94-0f6b-43f4-967c-ce8066be3f32} 876 "\\.\pipe\gecko-crash-server-pipe.876" 26082420310 rdd
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ"
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5268 -prefMapHandle 5676 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4b08b45-2597-49eb-84bd-a77bd444c4c4} 876 "\\.\pipe\gecko-crash-server-pipe.876" 2608803cb10 utility
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Downloads\JIL-_Document_No._2500015903.GZ"
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\pingsender.exe "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/92118fc7-b26d-4ba4-8aa3-ae9db125b705/event/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\92118fc7-b26d-4ba4-8aa3-ae9db125b705
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\pingsender.exe "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/8703f130-6e6f-4e45-878c-98abc4931698/health/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8703f130-6e6f-4e45-878c-98abc4931698
Source: C:\Program Files\Mozilla Firefox\pingsender.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Mozilla Firefox\pingsender.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\pingsender.exe "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/82a4d6ca-10cf-48af-99bb-486a9877ccf2/main/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\82a4d6ca-10cf-48af-99bb-486a9877ccf2
Source: C:\Program Files\Mozilla Firefox\pingsender.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exe Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO459C1B0E\.text
Source: C:\Program Files\7-Zip\7zFM.exe Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO4592D3FE\version.txt
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: smartscreenps.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: uxtheme.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: textshaping.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: windows.storage.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: wldp.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: profapi.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: propsys.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: explorerframe.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: cryptbase.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: thumbcache.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: policymanager.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: mrmcorer.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: iertutil.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: textinputframework.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: coremessaging.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: ntmarta.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: dataexchange.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: d3d11.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: dcomp.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: dxgi.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: edputil.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: urlmon.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: srvcli.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: netutils.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: sspicli.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: twinui.appcore.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: execmodelproxy.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: appxdeploymentclient.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: bcp47mrm.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: windows.ui.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: inputhost.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: apphelp.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: actxprxy.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: appresolver.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: bcp47langs.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: slc.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: userenv.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: sppc.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: pcacli.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: mpr.dll
Source: C:\Program Files\7-Zip\7zFM.exeSection loaded: sfc_os.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: wininet.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: msvcp140.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: vcruntime140_1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: iertutil.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: sspicli.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: wldp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: profapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: winhttp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: mswsock.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: winnsi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: urlmon.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: srvcli.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: netutils.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: dnsapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: schannel.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ntasn1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: msasn1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: dpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: rsaenh.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: gpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ncrypt.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: wininet.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: msvcp140.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: vcruntime140_1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: iertutil.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: sspicli.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: wldp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: profapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: winhttp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: mswsock.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: winnsi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: urlmon.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: srvcli.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: netutils.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: dnsapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: schannel.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ntasn1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: msasn1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: dpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: rsaenh.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: gpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ncrypt.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: wininet.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: msvcp140.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: vcruntime140_1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: vcruntime140_1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: iertutil.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: sspicli.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: wldp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: profapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: winhttp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: mswsock.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: winnsi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: urlmon.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: srvcli.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: netutils.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: dnsapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: schannel.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ntasn1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: msasn1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: dpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: rsaenh.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: gpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ncrypt.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: netutils.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: mpr.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\notepad.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exeSection loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exeSection loaded: wldp.dll
Source: C:\Windows\System32\notepad.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exeSection loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exeSection loaded: mpr.dll
Source: C:\Windows\System32\notepad.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exeSection loaded: netutils.dll
Source: C:\Windows\System32\notepad.exeSection loaded: propsys.dll
Source: C:\Windows\System32\notepad.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\notepad.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exeSection loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exeSection loaded: wldp.dll
Source: C:\Windows\System32\notepad.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exeSection loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exeSection loaded: mpr.dll
Source: C:\Windows\System32\notepad.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exeSection loaded: netutils.dll
Source: C:\Windows\System32\notepad.exeSection loaded: propsys.dll
Source: C:\Windows\System32\notepad.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window detected: Number of UI elements: 14
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window detected: Number of UI elements: 16
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Binary string: sxs.pdb source: firefox.exe, 00000012.00000003.1752360346.0000026090C76000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000012.00000003.1769224770.000002608B0F5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8CoreMessaging.pdb source: firefox.exe, 00000012.00000003.1769703053.000002608ABD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1817765785.000002608ABDC000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: firefox.exe, 00000012.00000003.1757313515.000002608DFD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913521294.000002608DFD0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dwmapi.pdb source: firefox.exe, 00000012.00000003.1752360346.0000026090C76000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8bcryptprimitives.pdb source: firefox.exe, 00000012.00000003.1892674852.0000026082BA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1799116811.0000026082B99000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: firefox.pdb source: firefox.exe, 00000012.00000003.1804731767.0000026082599000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1895545590.0000026082599000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1935535546.0000026082599000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: srvcli.pdb source: firefox.exe, 00000012.00000003.1752360346.0000026090C76000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: imm32.pdb source: firefox.exe, 00000012.00000003.1757313515.000002608DFD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913521294.000002608DFD0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: freebl3.pdb source: firefox.exe, 00000012.00000003.1752360346.0000026090C76000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000012.00000003.1769224770.000002608B0F5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ws2_32.pdb source: firefox.exe, 00000012.00000003.1764523763.000002608E01D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913216218.000002608E023000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: coml2.pdb source: firefox.exe, 00000012.00000003.1752360346.0000026090C76000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8OpcServices.pdb source: firefox.exe, 00000012.00000003.1769224770.000002608B0EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1914916955.000002608B0EB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8pwrshsip.pdb source: firefox.exe, 00000012.00000003.1769224770.000002608B0EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1914916955.000002608B0EB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mswsock.pdb source: firefox.exe, 00000012.00000003.1753370602.000002608E5CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1764013017.000002608E5CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1762012513.000002608E5CF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8OneCoreCommonProxyStub.pdb source: firefox.exe, 00000012.00000003.1769224770.000002608B0F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1914916955.000002608B0F1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8iphlpapi.pdb source: firefox.exe, 00000012.00000003.1849350940.000002608A454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1884614326.000002608A454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1849350940.000002608A445000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8gkcodecs.pdb source: firefox.exe, 00000012.00000003.1784916673.00000260896C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1824056214.0000026088051000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8ExplorerFrame.pdb source: firefox.exe, 00000012.00000003.1769224770.000002608B0EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1914916955.000002608B0EB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nsi.pdb source: firefox.exe, 00000012.00000003.1753370602.000002608E5CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1764013017.000002608E5CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1762012513.000002608E5CF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winmm.pdb source: firefox.exe, 00000012.00000003.1753370602.000002608E5CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1764013017.000002608E5CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1762012513.000002608E5CF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000012.00000003.1769224770.000002608B0F5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ole32.pdb source: firefox.exe, 00000012.00000003.1764523763.000002608E01D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913216218.000002608E023000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8osclientcerts.pdb source: firefox.exe, 00000012.00000003.1769224770.000002608B0BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1914916955.000002608B0BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1769224770.000002608B0DB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: kbdus.pdbGCTL source: firefox.exe, 00000012.00000003.1856332282.000002607EDBE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 8CoreUIComponents.pdb source: firefox.exe, 00000012.00000003.1769703053.000002608ABD6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8cryptbase.pdb source: firefox.exe, 00000012.00000003.1892674852.0000026082BA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1799116811.0000026082B99000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8cfgmgr32.pdb source: firefox.exe, 00000012.00000003.1769703053.000002608ABD6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msasn1.pdb source: firefox.exe, 00000012.00000003.1764523763.000002608E01D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913216218.000002608E023000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8policymanager.pdb source: firefox.exe, 00000012.00000003.1769224770.000002608B0F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1914916955.000002608B0F1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: DWrite.pdb source: firefox.exe, 00000012.00000003.1764523763.000002608E01D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913216218.000002608E023000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: combase.pdb source: firefox.exe, 00000012.00000003.1757313515.000002608DFD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913521294.000002608DFD0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8iertutil.pdb source: firefox.exe, 00000012.00000003.1776751403.000002608B087000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8dhcpcsvc.pdb source: firefox.exe, 00000012.00000003.1769703053.000002608ABD6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8msvcp140.amd64.pdb source: firefox.exe, 00000012.00000003.1780214943.00000260898AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1892674852.0000026082BA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1799116811.0000026082B99000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000012.00000003.1930039826.000002608E601000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nss3.pdb source: firefox.exe, 00000012.00000003.1764523763.000002608E01D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913216218.000002608E023000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ncrypt.pdb source: firefox.exe, 00000012.00000003.1752360346.0000026090C76000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8webauthn.pdb source: firefox.exe, 00000012.00000003.1775173222.0000026089E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1917790730.0000026089E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1849350940.000002608A445000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Kernel.Appcore.pdb source: firefox.exe, 00000012.00000003.1892674852.0000026082BA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1799116811.0000026082B99000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wshext.pdb source: firefox.exe, 00000012.00000003.1752360346.0000026090C76000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8powrprof.pdb source: firefox.exe, 00000012.00000003.1915401926.000002608B090000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1776751403.000002608B090000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8ColorAdapterClient.pdb source: firefox.exe, 00000012.00000003.1776751403.000002608B087000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wsock32.pdb source: firefox.exe, 00000012.00000003.1764523763.000002608E01D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1913216218.000002608E023000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8MMDevAPI.pdb source: firefox.exe, 00000012.00000003.1915401926.000002608B090000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1776751403.000002608B090000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: AppxSip.pdb source: firefox.exe, 00000012.00000003.1752360346.0000026090C76000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UMPDC.pdb source: firefox.exe, 00000012.00000003.1752360346.0000026090C76000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wininet.pdb source: firefox.exe, 00000012.00000003.1752360346.0000026090C76000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8oleaut32.pdb source: firefox.exe, 00000012.00000003.1892674852.0000026082BA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1799116811.0000026082B99000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: KHVk.pdb source: 7zFM.exe, 0000001D.00000003.2034665450.00000292DBC9C000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000003.2084015943.00000292DBC9C000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000002.2489141705.00000292DBC00000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000003.2075338168.00000292DBE0E000.00000004.00000020.00020000.00000000.sdmp, .text.29.dr
Source: Binary string: KHVk.pdbSHA256 source: 7zFM.exe, 0000001D.00000003.2034665450.00000292DBC9C000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000003.2084015943.00000292DBC9C000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000002.2489141705.00000292DBC00000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000001D.00000003.2075338168.00000292DBE0E000.00000004.00000020.00020000.00000000.sdmp, .text.29.dr

Boot Survival

Source: C:\Windows\System32\OpenWith.exe Registry value created: HKEY_CURRENT_USER_Classes\text_auto_file\shell\open\command %SystemRoot%\system32\NOTEPAD.EXE %1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\7-Zip\7zFM.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe TID: 2940 Thread sleep count: 177 > 30
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: pingsender.exe, 00000026.00000002.2061678629.0000020413D2E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWuR
Source: firefox.exe, 00000014.00000002.2095509109.0000019FF4600000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
Source: firefox.exe, 00000012.00000002.2230099929.00000260731DA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2080437400.0000019FF41D3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2080437400.0000019FF41AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2109048774.000002281AA60000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000022.00000002.2060846986.0000026962FFA000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000023.00000002.2064210499.000002A7D097A000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000023.00000002.2064210499.000002A7D09CF000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000026.00000002.2061678629.0000020413CAA000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000026.00000002.2061678629.0000020413D2E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000012.00000002.2267809356.000002607CEBF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: pingsender.exe, 00000023.00000002.2064210499.000002A7D09CF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBn
Source: OpenWith.exe, 00000028.00000002.2248944978.00000182CC282000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: firefox.exe, 00000018.00000002.2041202168.000001DEC98CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0=
Source: firefox.exe, 00000014.00000002.2095509109.0000019FF4600000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~
Source: firefox.exe, 00000018.00000002.2054536900.000001DEC9C00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx`
Source: firefox.exe, 00000015.00000002.2085665523.000002281A30A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
Source: pingsender.exe, 00000022.00000002.2060846986.0000026962FA7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
Source: firefox.exe, 00000012.00000002.2230099929.000002607320A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2095509109.0000019FF4600000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2109048774.000002281AA60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: firefox.exe, 00000012.00000002.2230099929.00000260731D0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@9 s`
Source: firefox.exe, 00000017.00000002.1662859254.0000024D399C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllee
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Windows\System32\OpenWith.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ"
Source: C:\Windows\System32\OpenWith.exe Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO459C1B0E\.text
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zO459C1B0E\.text VolumeInformation
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zO4592D3FE\version.txt VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Program Files\Mozilla Firefox\pingsender.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\82a4d6ca-10cf-48af-99bb-486a9877ccf2
Source: C:\Program Files\Mozilla Firefox\pingsender.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8703f130-6e6f-4e45-878c-98abc4931698
Source: C:\Program Files\Mozilla Firefox\pingsender.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\92118fc7-b26d-4ba4-8aa3-ae9db125b705
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 11 Browser Extensions | 11 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | 14 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Extra Window Memory Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
[Behavior graph (image not reproduced): Behavior Graph ID: 1580968; Sample: ReJIL-_Document_No._2500015...; Startdate: 26/12/2024; Architecture: WINDOWS; Score: 52]

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://www.inbox.lv/rfc2368/?value=%shttps://mail.inbox.lv/compose?to=%s_injectDefaultProtocolHandle | 0% | Avira URL Cloud | safe | |
| https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600 | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| example.org | 93.184.215.14 | true | false | | high |
| star-mini.c10r.facebook.com | 157.240.195.35 | true | false | | high |
| prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high |
| prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high |
| twitter.com | 104.244.42.65 | true | false | | high |
| prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high |
| services.addons.mozilla.org | 151.101.193.91 | true | false | | high |
| dyna.wikimedia.org | 185.15.58.224 | true | false | | high |
| prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high |
| contile.services.mozilla.com | 34.117.188.166 | true | false | | high |
| prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high |
| youtube-ui.l.google.com | 172.217.19.174 | true | false | | high |
| reddit.map.fastly.net | 151.101.193.140 | true | false | | high |
| ipv4only.arpa | 192.0.0.171 | true | false | | high |
| prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high |
| push.services.mozilla.com | 34.107.243.93 | true | false | | high |
| normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high |
| telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high |
| www.reddit.com | unknown | unknown | false | | high |
| spocs.getpocket.com | unknown | unknown | false | | high |
| content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high |
| firefox.settings.services.mozilla.com | unknown | unknown | false | | high |
| www.youtube.com | unknown | unknown | false | | high |
| www.facebook.com | unknown | unknown | false | | high |
| detectportal.firefox.com | unknown | unknown | false | | high |
| normandy.cdn.mozilla.net | unknown | unknown | false | | high |
| shavar.services.mozilla.com | unknown | unknown | false | | high |
| www.wikipedia.org | unknown | unknown | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| http://www.inbox.lv/rfc2368/?value=%shttps://mail.inbox.lv/compose?to=%s_injectDefaultProtocolHandle | firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmp | false | | high |
| https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2096009727.000002281A5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2046459331.000001DEC9BC4000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://detectportal.firefox.com/ | firefox.exe, 00000012.00000003.2184251069.000002607E473000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://services.addons.mozilla.org | firefox.exe, 00000012.00000003.1970262843.0000026080963000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmp | false | | high |
| https://datastudio.google.com/embed/reporting/ | firefox.exe, 00000012.00000003.1719710800.0000026081D29000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://www.amazon.com/exec/obidos/external-search/missing | firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp | false | | high |
                                                                        https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecyclfirefox.exe, 00000012.00000003.1542813957.000002608AA4B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordsfirefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2217793732.00000260715D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2096009727.000002281A586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2046459331.000001DEC9B8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://json-schema.org/draft/2019-09/schema.firefox.exe, 00000012.00000003.1651318462.000002608D95B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.leboncoin.fr/firefox.exe, 00000012.00000003.1774563046.0000026089E68000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://mozilla.org/#/properties/pagesNumSampledVisitsfirefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://mozilla.org/#/properties/originsDaysCutOfffirefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://spocs.getpocket.com/spocsfirefox.exe, 00000012.00000003.1988977572.0000026088051000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1801703344.0000026082AE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://screenshots.firefox.comfirefox.exe, 00000012.00000002.2345197760.000002607F061000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2046910121.000002607F0C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2346899936.000002607F0CE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://mathiasbynens.be/notes/javascript-escapes#singlefirefox.exe, 00000012.00000003.1824333132.000002607D2DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://shavar.services.mozilla.comfirefox.exe, 00000012.00000003.1686772979.000002608ABB8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://completion.amazon.com/search/complete?q=firefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1501351577.000002607EE16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1501042666.000002607EC00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://ads.stickyadstv.com/firefox-etpfirefox.exe, 00000012.00000003.1834249040.0000026081CD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1834249040.0000026081CB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1554436942.00000260809FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2120349387.000002607EB38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://identity.mozilla.com/ids/ecosystem_telemetryUfirefox.exe, 00000012.00000003.2070611228.000002608E512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://monitor.firefox.com/breach-details/firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://www.google.com/policies/privacy/mozIGeckoMediaPluginChromeServicefirefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://github.com/w3c/csswg-drafts/issues/4650firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 00000012.00000003.1754943058.000002608E047000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/74f06853-c80d-4afc-9b2firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.amazon.com/exec/obidos/external-search/firefox.exe, 00000012.00000003.1690546794.000002608A166000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1978435224.000002608144B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1589925680.0000026090A43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2043654720.000002608144F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://profiler.firefox.com/firefox.exe, 00000012.00000002.2346306983.000002607F092000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.msn.comfirefox.exe, 00000012.00000003.1793594580.0000026083716000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Nofirefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_39e4b8f6fd6635158ad433436bdaa069841cfdf8e1989e03firefox.exe, 00000012.00000002.2257824444.000002607CDB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2096009727.000002281A5E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2054891163.000001DEC9D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.18.drfalse
                                                                                                                                high
                                                                                                                                http://mozilla.org/#/properties/cbhStudyRowfirefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://github.com/mozilla-services/screenshotsfirefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1501351577.000002607EE16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1501042666.000002607EC00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://mail.google.com/mail/?extsrc=mailto&url=%sPleasefirefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-deffirefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1566160051.000002608A5EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://exslt.org/setsfirefox.exe, 00000012.00000002.2257824444.000002607CD27000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://mozilla.org/#/properties/cbhStudyUsfirefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://content-signature-2.cdn.mozilla.net/firefox.exe, 00000012.00000003.2166145472.0000026080933000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://json-schema.org/draft/2020-12/schema/=firefox.exe, 00000012.00000003.1651318462.000002608D95B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://mozilla.org/#/properties/extraParamsfirefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 00000012.00000003.1757584360.000002608DF8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2https:firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://api.accounts.firefox.com/v1firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://exslt.org/commonfirefox.exe, 00000012.00000002.2257824444.000002607CD27000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://ok.ru/firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.amazon.com/firefox.exe, 00000012.00000003.1562253809.000002608A140000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1774563046.0000026089E68000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://fpn.firefox.comfirefox.exe, 00000012.00000002.2305260309.000002607E436000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2173582690.000002607F01E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 00000012.00000003.1754943058.000002608E05D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1764523763.000002608E062000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.widevine.com/firefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000018.00000002.2044299581.000001DEC9AB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://exslt.org/dates-and-timesfirefox.exe, 00000012.00000002.2257824444.000002607CD64000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://win.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 00000012.00000002.2294852207.000002607D772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2280917706.000002607D386000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600firefox.exe, 00000012.00000002.2257824444.000002607CDB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2096009727.000002281A5E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2054891163.000001DEC9D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.18.drfalse
                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://mozilla.org/#/properties/filterFetchResponsefirefox.exe, 00000012.00000002.2294852207.000002607D703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://www.youtube.com/firefox.exe, 00000012.00000002.2294852207.000002607D7DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1562253809.000002608A140000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2096009727.000002281A50A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2046459331.000001DEC9B0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 00000012.00000003.1720026615.0000026082660000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
151.101.193.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580968
Start date and time: 2024-12-26 14:46:22 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 33s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 45
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
                                                                                                                                                                                                                                                              Sample name:ReJIL-_Document_No._2500015903.msg
                                                                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                                                                              Classification:mal52.spyw.winMSG@42/67@55/9
                                                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                                                              • Found application associated with file extension: .msg
                                                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, Microsoft.Photos.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetValueKey calls found.
Time | Type | Description
08:47:06 | API Interceptor | 3x Sleep call for process: OpenWith.exe modified
08:47:47 | API Interceptor | 1x Sleep call for process: firefox.exe modified
08:48:43 | API Interceptor | 12x Sleep call for process: notepad.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
34.117.188.166 | cMTqzvmx9u.exe | malicious | LummaC, Amadey, LummaC Stealer, RedLine |
34.117.188.166 | NetFxRepairTools.msi | malicious | Quasar |
34.117.188.166 | nM0h824cc3.exe | malicious | Credential Flusher |
34.117.188.166 | nM0h824cc3.exe | malicious | Credential Flusher |
34.117.188.166 | gTU8ed4669.exe | malicious | Credential Flusher |
34.117.188.166 | gTU8ed4669.exe | malicious | Credential Flusher |
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT |
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar |
34.117.188.166 | ghostspider.7z | malicious | Unknown |
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
151.101.193.91 | cMTqzvmx9u.exe | malicious | LummaC, Amadey, LummaC Stealer, RedLine |
151.101.193.91 | nM0h824cc3.exe | malicious | Credential Flusher |
151.101.193.91 | nM0h824cc3.exe | malicious | Credential Flusher |
151.101.193.91 | tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown |
151.101.193.91 | kjDPynh9vQ.exe | malicious | Credential Flusher |
151.101.193.91 | kjDPynh9vQ.exe | malicious | Credential Flusher |
151.101.193.91 | 6eftz6UKDm.exe | malicious | Credential Flusher |
151.101.193.91 | nmy4mJXEaz.exe | malicious | Credential Flusher |
151.101.193.91 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar |
151.101.193.91 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
34.149.100.209 | cMTqzvmx9u.exe | malicious | LummaC, Amadey, LummaC Stealer, RedLine |
34.149.100.209 | NetFxRepairTools.msi | malicious | Quasar |
34.149.100.209 | nM0h824cc3.exe | malicious | Credential Flusher |
34.149.100.209 | nM0h824cc3.exe | malicious | Credential Flusher |
34.149.100.209 | gTU8ed4669.exe | malicious | Credential Flusher |
34.149.100.209 | gTU8ed4669.exe | malicious | Credential Flusher |
34.149.100.209 | ghostspider.7z | malicious | Unknown |
34.149.100.209 | http://112.31.189.32:40158 | malicious | Mirai |
34.149.100.209 | do.ps1 | malicious | Unknown |
34.149.100.209 | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
example.org | NetFxRepairTools.msi | malicious | Quasar | 93.184.215.14
example.org | nM0h824cc3.exe | malicious | Credential Flusher | 93.184.215.14
example.org | nM0h824cc3.exe | malicious | Credential Flusher | 93.184.215.14
example.org | gTU8ed4669.exe | malicious | Credential Flusher | 93.184.215.14
example.org | gTU8ed4669.exe | malicious | Credential Flusher | 93.184.215.14
example.org | ghostspider.7z | malicious | Unknown | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | 93.184.215.14
twitter.com | NetFxRepairTools.msi | malicious | Quasar | 104.244.42.65
twitter.com | nM0h824cc3.exe | malicious | Credential Flusher | 104.244.42.129
twitter.com | nM0h824cc3.exe | malicious | Credential Flusher | 104.244.42.129
twitter.com | gTU8ed4669.exe | malicious | Credential Flusher | 104.244.42.129
twitter.com | gTU8ed4669.exe | malicious | Credential Flusher | 104.244.42.129
twitter.com | ghostspider.7z | malicious | Unknown | 104.244.42.1
twitter.com | http://112.31.189.32:40158 | malicious | Mirai | 104.244.42.193
                                                                                                                                                                                                                                                                                                                          star-mini.c10r.facebook.comhttps://fsharetv.co/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 157.240.195.35
                                                                                                                                                                                                                                                                                                                          http://plnbl.io/review/FSUQBEfTfzwHGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 157.240.195.35
                                                                                                                                                                                                                                                                                                                          https://liladelman.com/rental/1218-west-side-road-block-island/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 157.240.195.35
                                                                                                                                                                                                                                                                                                                          NetFxRepairTools.msiGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
                                                                                                                                                                                                                                                                                                                          nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
                                                                                                                                                                                                                                                                                                                          nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
                                                                                                                                                                                                                                                                                                                          gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
                                                                                                                                                                                                                                                                                                                          gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
                                                                                                                                                                                                                                                                                                                          https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
                                                                                                                                                                                                                                                                                                                          ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
Match    Associated Sample Name / URL    SHA 256    Detection    Threat Name    Link    Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                          No context
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):7917
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.174388436866785
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:xLMXVhicbhbVbTbfbRbObtbyEl7niGPYAtJA6UnSrDtT5d/S9hn:xwycNhnzFSJCGPYAoLnSrDh5d/y
                                                                                                                                                                                                                                                                                                                          MD5:78BBA43B292B6043CF4032D0F05F2084
                                                                                                                                                                                                                                                                                                                          SHA1:C4E8770F7F08E80EAAFBD770B7DC526D727D702D
                                                                                                                                                                                                                                                                                                                          SHA-256:20F796AC78ECA5E3EF0DF81C63A149F5B420D542C37D96836D98A154DF0C9237
                                                                                                                                                                                                                                                                                                                          SHA-512:967A1B7ED5CCC094B6A40DFBD1BF6B3A99D5C029080C3AD7DEB53767DC567B0B8B422F72BA8D4E16A3923219E779D34F7BD1EDAC5B1C4524177BB2EEA2E9C467
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"type":"uninstall","id":"a786ec37-1085-43da-ba5e-5bb869c0ae68","creationDate":"2024-12-26T14:53:04.527Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):231348
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.380353789065982
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3072:pDg9MWgemiGu2BqoQbrt0FvRBA2G6yDHQ:ph0mi2kqA2G6yDw
                                                                                                                                                                                                                                                                                                                          MD5:0D93336FFF501CD77AA7623940FEB97F
                                                                                                                                                                                                                                                                                                                          SHA1:5716CBC2228D5A35D8061FA06D733CF2F67C8CDC
                                                                                                                                                                                                                                                                                                                          SHA-256:E276FD45247347DE57270891FD533F0F65FFE7EA1EFF58AA899B777CAD5D5811
                                                                                                                                                                                                                                                                                                                          SHA-512:3E84CCD6AC8B67D5167CBF736D82FD31D526A04FD7F2EBBFF48705623BC01BF9AFDDF2310E6D588A19F76E4A015E077F78CA5C28071217EC3898D6E14EE1E727
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:TH02...... ......W......SM01X...,....Y...W..........IPM.Activity...........h...............h............H..h4.......)@.C...h...........H..h\cal ...pDat...h.;..0..........h.G.(...........h........_`Pk...h.D.(@...I.lw...h....H...8.Uk...0....T...............d.........2h...............k..............!h.............. h.R............#h....8.........$h.......8....."h.S......0W....'h..............1h.G.(<.........0h....4....Uk../h....h.....UkH..h(...p...4.....-h ............+h.F.(....(.......6.0.-.4.7.0. ..............F7..............FIPM.Activity.st.Form.e..Standard.tanJournal Entry.pdIPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.000Microsoft.ofThis form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):322260
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.000299760592446
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                                                                                                                                                                                                                                                                                          MD5:CC90D669144261B198DEAD45AA266572
                                                                                                                                                                                                                                                                                                                          SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                                                                                                                                                                                                                                                                                          SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                                                                                                                                                                                                                                                                                          SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):10
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):2.5219280948873624
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:LHH:jH
                                                                                                                                                                                                                                                                                                                          MD5:36B8D58440951F8E37984678AAA00D33
                                                                                                                                                                                                                                                                                                                          SHA1:F9250697035B62859E9BB977D35F70415D31D45F
                                                                                                                                                                                                                                                                                                                          SHA-256:25A446B98E7DA44D4F0BD6B34A2893EE7EF768274D37D7148074416C8447DC0A
                                                                                                                                                                                                                                                                                                                          SHA-512:65CB455BA18C13F7AEC42EBC217F21A2FB7E367A26413D15FB40629B195E6F8283F5DFB3F0CC055102E6CDE68E4CA286191441F915470237DB61AF5EAD1FD2FA
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:1735220822
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):4096
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.09216609452072291
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                                                                                                                                                                                                                                                                                          MD5:F138A66469C10D5761C6CBB36F2163C3
                                                                                                                                                                                                                                                                                                                          SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                                                                                                                                                                                                                                                                                          SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                                                                                                                                                                                                                                                                                          SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):4616
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.13760166725504608
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:7FEG2l+1qNi/sH/FllkpMRgSWbNFl/sl+ltlslVlllfllr:7+/lxMKg9bNFlEs1EP/7
                                                                                                                                                                                                                                                                                                                          MD5:7E50EA4E33F3C74CD03EFAC66FEF3B5E
                                                                                                                                                                                                                                                                                                                          SHA1:B61A2C6333DEB524E119F7F1485435591AD94BE3
                                                                                                                                                                                                                                                                                                                          SHA-256:AA3DA714A014264505C1EC0E4E3B297385C4A88E889A23667E8ABAF17DA09550
                                                                                                                                                                                                                                                                                                                          SHA-512:353FDF3DC4ACD8D0A67DCAD5B3A05B85E1AF1329E724296C0449DA87792C4E3C7D0D3E9B107EC8E2027A1B8D5D5AF43646CED80FE823CF2A0ECF406483292497
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0441720588658491
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:G4l2Rw/90oIWAl2Rw/90oI1lWlL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2m/90pWAl2m/90paL9XXPH4l942U
                                                                                                                                                                                                                                                                                                                          MD5:310F24D128F779F703F5FC26F08920F5
                                                                                                                                                                                                                                                                                                                          SHA1:C4625E24D1D0083CE64FBDBBE2954FB9948B7B76
                                                                                                                                                                                                                                                                                                                          SHA-256:C332D1CDE9C785C1DA7A89BE54E52E9CA608336AAF1B94EB697D6E89F906EF4C
                                                                                                                                                                                                                                                                                                                          SHA-512:DC0BC1754C7191B7A8D7B53EC6899AE1156F876C70D1DF7016FECF3B96A556172266CE93F207786B9401325F50B5E33D7575454EEC06CC0ECAF33728853C9AE3
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):45352
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.3935580634236493
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:KhFpoSQ3zRDHlUll7DBtDi4kZERDuo0zqt8VtbDBtDi4kZERD7:AFpoSQ15Ull7DYMCo0zO8VFDYMP
                                                                                                                                                                                                                                                                                                                          MD5:F9A580CE9DD60605DD52EB5CEC98EB03
                                                                                                                                                                                                                                                                                                                          SHA1:2C80F9853DD6CEFEF71DCC3753242ED89C27C8CA
                                                                                                                                                                                                                                                                                                                          SHA-256:C937449ADCAAF8D4BCA2D832BF9CA2D6FF47392943C2A03BC817E1952222484B
                                                                                                                                                                                                                                                                                                                          SHA-512:1A2688BF940F541DDD7447B59A785B3F1333EC0E055B1E7623DC6F6A18808D37108EEE8B4AE1CBCA8608C483E247ED13BF0D181E8F195D118B395CBB7CFC6D78
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2278
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.853977903353235
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKxsxxdyxl9Il8uErIIC7Ul+US3hobkM5lpfPj9pzXHy5Jd1rc:vIYyrIIC7kSKp5lBPjP5
                                                                                                                                                                                                                                                                                                                          MD5:46BA2A49BF18A7A9D096568F15991ED7
                                                                                                                                                                                                                                                                                                                          SHA1:8A3F557B27C7B65B451007CBE82D0A7D8397FF4B
                                                                                                                                                                                                                                                                                                                          SHA-256:1791DCD3454963B13FE79AA6406750CD100A1AD6371F59C71AFCAF6372F37EBF
                                                                                                                                                                                                                                                                                                                          SHA-512:B1B18A5171FF767415C61B18CEB382F633CB61BC9360DDE0F87F4DB4F6919C0AB6CD71101696D46C16B3BA967CA8344C9E96CFE25937217FA7970F2702D9D95D
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2684
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.8996684870442073
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKxJxgxl9Il8uErxBbApHN2kLyR3jbpsB9KVMLopnlf7d/vc:tYyrxB41wvpW8nw
                                                                                                                                                                                                                                                                                                                          MD5:FE0FDC2376599F20F9B794764045F7B1
                                                                                                                                                                                                                                                                                                                          SHA1:2C251701EBC5E2DA05DCC7073BEF8D2BF4663433
                                                                                                                                                                                                                                                                                                                          SHA-256:2EE845DD4A2EC14AA6B0DB4EC79D19A35D6A517F294895745B4BABFD4DBBF72C
                                                                                                                                                                                                                                                                                                                          SHA-512:EC54FEC22D20E15DA903A69236C6A9BFB029D0E5FA1B92E028E6B8C95AD22FA3D2BA77FBFE0EEBF6215517D1B270F522BC0DB37FF2EC12BE8E08703EDEDA3FA7
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):4542
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.993325098891957
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:96:QYyrz0W4ha06U6l7hgRdaQe+/NBzLOhUWxudSOHE:QPMWkalhl7hN+FBvOhgk
                                                                                                                                                                                                                                                                                                                          MD5:A09E4175955D5374DA07F00B0C7A481A
                                                                                                                                                                                                                                                                                                                          SHA1:7E6F86CAFD14F2BC9BFC9674E7DC55444E12B967
                                                                                                                                                                                                                                                                                                                          SHA-256:2FF208E700B7BBE031ABC7C5A4872A8F1A523EF599F0A07D1FB92513495C8E25
                                                                                                                                                                                                                                                                                                                          SHA-512:C4A22E6A88142A079BEFE04E3C50C982A6B63A6A58A67456B808C41C5B373AF8D3A445B452A0AF319C3B9F640B4E0BE870F6605F08AE1D908C9A69126DCFE9B1
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:PNG image data, 92 x 39, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):6594
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.963037255297296
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:HsFdE0rKFalSEDSjWt5fTSJ91T46gCIkGLuBhNxxoVRu:JPsDS65+918NClAuBhjxL
                                                                                                                                                                                                                                                                                                                          MD5:80CD194417F64C007F8E6464B34C8C00
                                                                                                                                                                                                                                                                                                                          SHA1:C92790AFF769A9E67894A9627454370D6003EEB3
                                                                                                                                                                                                                                                                                                                          SHA-256:929922DDA0734AEB648500E5F2A6B76072D414867F7AB0252D4E482DE074A395
                                                                                                                                                                                                                                                                                                                          SHA-512:C3E1CB28350F9935E3164B6153E324A8A9E333D8089B8A000025EA63DE1225BF80EBBE1164A578A67C24E3FB25947D557E31684F02D08249E6C77A06A2C78308
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):583286
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.996328018506881
                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                          SSDEEP:12288:EzxKqERYBsltaewnr0o8qIFs/IAbQfFoAbM50:EqBtRwrv4aVbQfFoGMu
                                                                                                                                                                                                                                                                                                                          MD5:04CAC86B62C708C6BA2A15A4B2692187
                                                                                                                                                                                                                                                                                                                          SHA1:A47A5BF4F198EDCB77CE628B7375B2B8ACDB903C
                                                                                                                                                                                                                                                                                                                          SHA-256:992AF75446DF3C44B9AACDD44E756C57610458970C2472BB7A1C397E9B2A3335
                                                                                                                                                                                                                                                                                                                          SHA-512:AA6E09BB6FF7382C98DD493838012FE70D53695298B1234B02C48572262B05FA199DC3A6543AC67D83633040B11A532627A07396904DD07E32311D69A025A469
                                                                                                                                                                                                                                                                                                                          Malicious:false
Preview:PNGMSCF (binary data; readable file names in the header: Chine_ana121983D605908193D491920FF33229307FF80688loodatke.PNG, JIL-_Document_No._2500015903.scr)
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):26
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:gAWY3n:qY3n
                                                                                                                                                                                                                                                                                                                          MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                                                                                                                                                                                                                                          SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                                                                                                                                                                                                                                          SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                                                                                                                                                                                                                                          SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:[ZoneTransfer]..ZoneId=3..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):583286
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.996328018506881
                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                          SSDEEP:12288:EzxKqERYBsltaewnr0o8qIFs/IAbQfFoAbM50:EqBtRwrv4aVbQfFoGMu
                                                                                                                                                                                                                                                                                                                          MD5:04CAC86B62C708C6BA2A15A4B2692187
                                                                                                                                                                                                                                                                                                                          SHA1:A47A5BF4F198EDCB77CE628B7375B2B8ACDB903C
                                                                                                                                                                                                                                                                                                                          SHA-256:992AF75446DF3C44B9AACDD44E756C57610458970C2472BB7A1C397E9B2A3335
                                                                                                                                                                                                                                                                                                                          SHA-512:AA6E09BB6FF7382C98DD493838012FE70D53695298B1234B02C48572262B05FA199DC3A6543AC67D83633040B11A532627A07396904DD07E32311D69A025A469
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):26
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:gAWY3n:qY3n
                                                                                                                                                                                                                                                                                                                          MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                                                                                                                                                                                                                                          SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                                                                                                                                                                                                                                          SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                                                                                                                                                                                                                                          SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:[ZoneTransfer]..ZoneId=3..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):4164
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):2.8621540954554456
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:Cs/+LdtepRaNFfakyqHDZjGG1cxg70EibNRgggg4rzFqOAKma8gYys:lmLDeLWy89GGOgIdRgggg4NbAKBw
                                                                                                                                                                                                                                                                                                                          MD5:F2DBC451C8C167ED5E435613B34CFBFA
                                                                                                                                                                                                                                                                                                                          SHA1:4B609D8DD6C427B74FFCA48ECA87425F6EDAFEF3
                                                                                                                                                                                                                                                                                                                          SHA-256:8A3F20D7C43FB766ED1DA656059A864189F0F4487AF906B1564795A38E41B515
                                                                                                                                                                                                                                                                                                                          SHA-512:4F7F6ED6E7FE7557D174EB5A27ECA73795DF59AFC506D4179285B1FB3B081F9749BB42D913E1461EDB858B8FA16D5FABB4DF6704B8531D856BB556E41333DE40
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:....C.A.U.T.I.O.N.:. .T.H.I.S. .M.E.S.S.A.G.E. .I.S. .F.R.O.M. .A.N. .E.X.T.E.R.N.A.L. .S.E.N.D.E.R.............................................................................................................................................................................................................................................................................................................................................................................................................................................................(...T...............0...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\7-Zip\7zFM.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1774
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.434944528364487
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:ft0tzGqcbKJvFXfqIKfC3I8fwlVtVk0VlqCMCl1N5MW97XSJMO13bMCl61PNHqwY:lC6KDv8Cz4VtVHqCBeW4uKbSKwY
                                                                                                                                                                                                                                                                                                                          MD5:AD0AB917565A1026E598A366D33430EC
                                                                                                                                                                                                                                                                                                                          SHA1:9FCDE913B756DBD0BEF20481BE82C1B969603899
                                                                                                                                                                                                                                                                                                                          SHA-256:6EC7F0740CB425F37017BB845FA2C6CDA94B7551A7550E17B0826C94D7BD7BFB
                                                                                                                                                                                                                                                                                                                          SHA-512:69FD5DD4F27F458396862571AB85E130B168740E478D62A7E6174437BF1C3A22109C422BA0AE67F14AC1C6710ACFAA45AAF829F2B0F41B975B653FE34BEE52CC
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:F.I.L.E.V.E.R.S.I.O.N. . . . .1.,.0.,.0.,.0.....P.R.O.D.U.C.T.V.E.R.S.I.O.N. .1.,.0.,.0.,.0.....F.I.L.E.F.L.A.G.S.M.A.S.K. . .0.x.3.F.....F.I.L.E.F.L.A.G.S. . . . . . .0.x.0.....F.I.L.E.O.S. . . . . . . . . .V.O.S._.U.N.K.N.O.W.N. .|. .V.O.S._._.W.I.N.D.O.W.S.3.2.....F.I.L.E.T.Y.P.E. . . . . . . .V.F.T._.A.P.P.....F.I.L.E.S.U.B.T.Y.P.E. . . . .0.x.0.....{..... . .B.L.O.C.K. .".V.a.r.F.i.l.e.I.n.f.o."..... . .{..... . . . .V.A.L.U.E. .".T.r.a.n.s.l.a.t.i.o.n.".,. .0.x.0.,. .1.2.0.0..... . .}..... . .B.L.O.C.K. .".S.t.r.i.n.g.F.i.l.e.I.n.f.o."..... . .{..... . . . .B.L.O.C.K. .".0.0.0.0.0.4.b.0."..... . . . .{..... . . . . . .V.A.L.U.E. .".C.o.m.m.e.n.t.s.".,. . . . . . . . . . ."."..... . . . . . .V.A.L.U.E. .".C.o.m.p.a.n.y.N.a.m.e.".,. . . . . . . .".M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n."..... . . . . . .V.A.L.U.E. .".F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.".,. . . .".P.a.c.k.a.g.e.d. .C.W.A. .L.a.u.n.c.h.e.r."..... . . . . . .V.A.L.U.E. .".F.i.l.e.V.e.r.s.i.o.n.".,. . . . . . . .".1...0.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\7-Zip\7zFM.exe
                                                                                                                                                                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 280x180, components 3
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):9426
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.945562385919145
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:mGWUrBWois/HMtEuvYeGxlmp3juW1CmHOl2EhuSVtOXn:mS2sPr+YeMgNj93Ol2oVSn
                                                                                                                                                                                                                                                                                                                          MD5:DC156637AEBF04336700A9BC71C78AAD
                                                                                                                                                                                                                                                                                                                          SHA1:EC388FCDD4A3228BB1202412C8D25386EAC63114
                                                                                                                                                                                                                                                                                                                          SHA-256:E739A88AC8FB4FEFA998F8DBF4402A8D7A22EB079EDD05BEE412C4D4C99014EB
                                                                                                                                                                                                                                                                                                                          SHA-512:8DF48DC4F32FDCE4AF890770E988FB47AB1E35E106F8EFD73BF056D5E4A6B22F7EE975F9F440399AA06379B9D3809E85F92A2A3A2547AA1866759241C96509EB
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\7-Zip\7zFM.exe
                                                                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):490
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.0011168136751865
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:JiMVBd6OjzZbRu9Td8HW/5TiyEGWBRu9TO/STfUpRu9TNNciWkY2x8RTdN9TIHz:MMHdtj3O5lEGaN/2UjMNciC2xA5NEz
                                                                                                                                                                                                                                                                                                                          MD5:B7DB84991F23A680DF8E95AF8946F9C9
                                                                                                                                                                                                                                                                                                                          SHA1:CAC699787884FB993CED8D7DC47B7C522C7BC734
                                                                                                                                                                                                                                                                                                                          SHA-256:539DC26A14B6277E87348594AB7D6E932D16AABB18612D77F29FE421A9F1D46A
                                                                                                                                                                                                                                                                                                                          SHA-512:D4A78DAF4AE93952197208752D801390CE39A519E7F5AA1360C42FC563EC0E221625B1BFEC2A9564FD3DCD14C18B74D5D9FA6E57C2BCED40C1F32C6814B4C523
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>....<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">.. <requestedExecutionLevel level="asInvoker" uiAccess="false"/>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\7-Zip\7zFM.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):634880
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.725993420711579
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12288:+1gJ55OHTDPs3ERKBUlthe/L4nZqePYM43KD20qFcF3CFoAFK8VD:pJXOPBBtYD7eT43KPBCFoWK8VD
                                                                                                                                                                                                                                                                                                                          MD5:1D7CEAA1E3ECD748F053D1E3638B80FF
                                                                                                                                                                                                                                                                                                                          SHA1:EC2BE03F01CFEAF52FDB5B86878C7A5211BFE4EC
                                                                                                                                                                                                                                                                                                                          SHA-256:7FEECD100B15CE9D764AA20D2CD9985C6EA163AD68CA8F9EDDC85516E4465496
                                                                                                                                                                                                                                                                                                                          SHA-512:1A74D98F7EC1B5C7C042FBF5361959C5B888A830EF255A393990E11DE48DFE90BC9A1847492935DFA0926D56C2B81032D96645072735C2308AB579205DF7D3ED
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (858), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):20971520
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.006746793573910546
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:jXYBKTU2/Ls1jYFkkuxEsqtEHunUd9BC:jXYBKTU2/Ls1jYFluxEFKMUd9BC
                                                                                                                                                                                                                                                                                                                          MD5:2EBFA5AE2807F41359956172BA6EC48C
                                                                                                                                                                                                                                                                                                                          SHA1:9B7FFB36BC2F628515FBE99EAFDFA6C1E25E5391
                                                                                                                                                                                                                                                                                                                          SHA-256:3047CF75CEA8B158E0E96FA3BCDA13FB7B1F98AC56D9D272CA55225047D3D560
                                                                                                                                                                                                                                                                                                                          SHA-512:804327A65A12E9AE2F375D01067E13B59490E56AC0AC2CCB2345102098962CD76AAA7570EE5F245DFE08BDE565D2E55E8A99D87BB30EAA2A4C5ABA0B2163853B
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/26/2024 13:46:55.437.OUTLOOK (0xB68).0x1818.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-12-26T13:46:55.437Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"59ABD11A-0C70-4CAD-BE7C-3FC5BBF3313B","Data.PreviousSessionInitTime":"2024-12-26T13:46:35.537Z","Data.PreviousSessionUninitTime":"2024-12-26T13:46:38.522Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...12/26/2024 13:46:55.469.OUTLOOK (0xB68).0x189C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22,"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):20971520
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                                                                                                                                                          MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                                                                                                                                                                                                          SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                                                                                                                                                                                                          SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                                                                                                                                                                                                          SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):192512
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.855989101198676
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:F4gSU9HfHyBAmGF5AUB6ekUJYw8KSvKRB4BHd0esHXRB/H/:F4gSUpf1QQXRB/f
                                                                                                                                                                                                                                                                                                                          MD5:147955024ADAFB0BAA25D2BF8749873E
                                                                                                                                                                                                                                                                                                                          SHA1:B8B3977C99798C3DEB1D636E2139EB2D8C357380
                                                                                                                                                                                                                                                                                                                          SHA-256:265CF2767A3732B25B33C063D77A0875FB852827346C35285D0B4365209D9ADA
                                                                                                                                                                                                                                                                                                                          SHA-512:7E24B3259C28D3FF7964DFB389BA829D50F792B1181C7FCBC8057295EFDE6BE637D6D050E6C28E74066F2D2201FB5D07EA9F381474BCAFFF0CBFA58A5FBCFE4E
                                                                                                                                                                                                                                                                                                                          Malicious:false
Preview: binary data; embedded UTF-16 strings: @tzres.dll,-112 / @tzres.dll,-111 / v2_OUTLOOK:b68:db373172ce964782bdebdc0d6f6dfab6 / C:\Users\cali\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241226T0846550197-2920.etl
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                          MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                          Malicious:false
Preview: ftypisom isomiso2avc1mp41 free mdat; x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00 (remaining bytes are binary video data)
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):163840
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.31998682418162133
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:TcaEGO6LmttJ58v1TD8TyNsbUnZwtsmizgNgz0XHWQOAIAbAn/:TcaxLgtJ58vx8vbQZw7Mz0XHOAIM
                                                                                                                                                                                                                                                                                                                          MD5:B7A7ACB30C533E874C1A000D73E26624
                                                                                                                                                                                                                                                                                                                          SHA1:79F80445805892AC12CBAD2AB51B5551CC49CFAC
                                                                                                                                                                                                                                                                                                                          SHA-256:50AB41F842988EC7E5E2D2EC60CFDE7A6C5EC25A5F6A8C7A2120AA1EB6861108
                                                                                                                                                                                                                                                                                                                          SHA-512:E6B9BA6699149D908E36EB356462C3879B2D6105693B9AE3407324D5F109A545DF05ABA9D4E6848EF140FB73E49E449B296AEC6B87D4507AE52A82ACA699C981
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):30
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.2389205950315936
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:H5ulX:c
                                                                                                                                                                                                                                                                                                                          MD5:7DDA4872D9DCB7A03FC05226639D1C62
                                                                                                                                                                                                                                                                                                                          SHA1:8ED7FCFD7E87668331F53C86C285287D9C1B5D1D
                                                                                                                                                                                                                                                                                                                          SHA-256:EF71B52CA7D65BF2A0675780EF73FA45A76563BCFF195BA6621C20BCD9F8A110
                                                                                                                                                                                                                                                                                                                          SHA-512:3BD0605EB3B2BE606E0517CA74AED82F7E2B5B440DFC84E084B424F66CEEF4CE2C0DC365898ED1A6F89D6B5A23955E5337FB55D63FF33A1AFBC0145953495305
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:....p.........................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.669941454591338
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:rl3baF7qLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCPvHX:rXmnq1Py961XX
                                                                                                                                                                                                                                                                                                                          MD5:282CCDBBC13907DFBD7D604C0C58FC90
                                                                                                                                                                                                                                                                                                                          SHA1:FA1A3E1C13379AA93735CAECA5A7C8B87244D7B0
                                                                                                                                                                                                                                                                                                                          SHA-256:8BC6B5D82DE49C216155724F9FD36E910652BDF7A7BFE9456BC20659046468AC
                                                                                                                                                                                                                                                                                                                          SHA-512:1B57663DFC48880B5B24DAB546A3DBAE5CB5A6F85053D9A8B4601D9F1373E541EE1B37349EC4771C2F6F6CFD9660CBDDE0F8934D0669FF4D22B15CD5EAC72659
                                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):3621
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.9285906187052255
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YnSwkmrOIfPUFuOdwNIOdoWLEWLtkDB/u4x5FBvipA6kbSathfkLuhakN1D9Vxeh:8S+OIfPUFuOdwNIOd8jvYR0uL8DD8P
                                                                                                                                                                                                                                                                                                                          MD5:935374A9115E9785C00EAB92F6B3799A
                                                                                                                                                                                                                                                                                                                          SHA1:88917137C9A30C0A23F4257461743B3CE69BD2DB
                                                                                                                                                                                                                                                                                                                          SHA-256:C67E618C7F344EAB105D61EE12B6EF1266134803E7912B90BCE79125D83EBE15
                                                                                                                                                                                                                                                                                                                          SHA-512:935033E6E314009A363B9E5C0BFA23CFB248D31C9142F4222DBABD5C166407D690F149A51D35A3333851F7135D9101F78F80287BDC01BF33A80F09B153BDA2F7
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):127
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.9561389191900656
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:EbfIJiM4dqEcldnXcMcsC6UbhFRgvKR1FV1OQSaR/F:Jinjclpc+vUbhsKRiJaRt
                                                                                                                                                                                                                                                                                                                          MD5:3321FA71B9F8AA90CEFDBA4A329A2C67
                                                                                                                                                                                                                                                                                                                          SHA1:050F19105F51277313E97C964F260C34A933EC72
                                                                                                                                                                                                                                                                                                                          SHA-256:D1890A4DEE074D21E84E4FD96AD72E9F5C9AB2274EDAB291E259C7243F04800D
                                                                                                                                                                                                                                                                                                                          SHA-512:49B3CC9DE63C00B59BB6CEA3F9ACFE3CD40B98E6807613B4C32BCC8EB006A88513F7AF870C59162434BCA28E80637B7E253680291DD884D145EA552C1DEEEBEC
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:www.mozilla.org^partitionKey=%28https%2Cmozilla.org%29.0.19636.1728119303277,1,0.spocs.getpocket.com.1.20083.1759655303841,1,0.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):5312
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                          MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                          SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                          SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                          SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):36830
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.187080624303907
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:9I4ivfiXD4R6C444ylW47s48yilvs4/4ji4P4a4Bd4U:9i1AyQvP
                                                                                                                                                                                                                                                                                                                          MD5:5774E6BEEB8C63A660A4C37E130F7D30
                                                                                                                                                                                                                                                                                                                          SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
                                                                                                                                                                                                                                                                                                                          SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
                                                                                                                                                                                                                                                                                                                          SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):36830
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.187080624303907
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:9I4ivfiXD4R6C444ylW47s48yilvs4/4ji4P4a4Bd4U:9i1AyQvP
                                                                                                                                                                                                                                                                                                                          MD5:5774E6BEEB8C63A660A4C37E130F7D30
                                                                                                                                                                                                                                                                                                                          SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
                                                                                                                                                                                                                                                                                                                          SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
                                                                                                                                                                                                                                                                                                                          SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):434
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.787121502165338
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:YCEA854HuT4ArJECjtYT4ALECbhuT4AcOFt2prgiAtJWfahXHOaxhR3C/4WCRuMD:Y48yL4JrTirbhrXqSERpu+BzFRuMQdyD
                                                                                                                                                                                                                                                                                                                          MD5:0C783E0C7D5FDB51E1C0A2CB72164DB7
                                                                                                                                                                                                                                                                                                                          SHA1:4D138344088271C1B92055B59CF5087FC87A55D7
                                                                                                                                                                                                                                                                                                                          SHA-256:8CE0AE7D86B08452A408CA9E58E6D8A4B7CC4EFEB32B78C1AADBBE2FFB676934
                                                                                                                                                                                                                                                                                                                          SHA-512:9C745F0A2838DE5FC1D74701DCF47F8FFD0F9C9281CEA05D1443304AEEC40B8D6C525C890161F9861E5B9A2973B2CDB3525484E92B0D18279CD42E79FB9C08A3
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"defaultHandlersVersion":{},"mimeTypes":{"application/pdf":{"action":3,"extensions":["pdf"]},"image/webp":{"action":3,"extensions":["webp"]},"image/avif":{"action":3,"extensions":["avif"]},"application/x-gzip":{"action":4,"extensions":["gz"]}},"schemes":{"mailto":{"stubEntry":true,"handlers":[null,{"name":"Gmail","uriTemplate":"https://mail.google.com/mail/?extsrc=mailto&url=%s"}]}},"isDownloadsImprovementsAlreadyMigrated":false}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):12760
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.478018401517961
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:enGRvo1YYbBp6nDLZwxhaXD6+hN87u5RuFNBw8rZSl:NeQFwxT2NEw00
                                                                                                                                                                                                                                                                                                                          MD5:7E7E9A8F44F1C00DA4EFFB344F6F6B93
                                                                                                                                                                                                                                                                                                                          SHA1:3763A67D74374A7EFA00EECEA844A8D1C5F58D5A
                                                                                                                                                                                                                                                                                                                          SHA-256:31B9397095854F489E490C2DE2948088B0CBF24574F37558A31F378014C2369C
                                                                                                                                                                                                                                                                                                                          SHA-512:01E5D77C91E02B17D947ACB0659B85AF14FCB9319DE122E8BA06C03FAF6D5AEB3127DB6BED7A25B0248FD4572B8BC9FCDBC295B59DF9CE25BD68637A8C26C4D9
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1735224770);..user_pref("app.update.lastUpdateTime.background-update-timer", 1735224770);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1735224770);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173522
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):46888
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.267025375802315
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:3lZy9lAEV09+/NYHyMYZU6oowOyggrqAox3ycNhnzFSJ7rV5y:3WXnVYWUoRnkox3ycNhnzFSJu
                                                                                                                                                                                                                                                                                                                          MD5:7A4C9E420A4CF17066A748A9CC1266A1
                                                                                                                                                                                                                                                                                                                          SHA1:570DF7336DFCBC866E8DC1FB8B5BC400192483F8
                                                                                                                                                                                                                                                                                                                          SHA-256:15D94803EF00255386D1D2A7BBAC201F9B00EFA5443C4EC8996CCBCFA53DA662
                                                                                                                                                                                                                                                                                                                          SHA-512:1128EDE532355D88F97F6FA68CBDC0FFF03374588EC6879600037F4F49D0F3A1C1F67377A88AE4E0EEEB453D0C989B3B309664B3825729E929E0AE6E938F40CE
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"type":"main","id":"82a4d6ca-10cf-48af-99bb-486a9877ccf2","creationDate":"2024-12-26T14:53:04.725Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":7823,"start":3884136,"main":3884353,"selectProfile":3884361,"afterProfileLocked":3884365,"startupCrashDetectionBegin":3884839,"startupCrashDetectionEnd":3927365,"firstPaint":3887825,"firstPaint2":3885941,"sessionRestoreInit":3885201,"sessionRestored":3888262,"createTopLevelWindow":3884989,"quitApplication":3927832,"profileBeforeChange":3932814,"AMI_startup_begin":7768977,"XPI_startup_begin":7768981,"XPI_bootstrap_addons_begin":7768989,"XPI_bootstrap_addons_end":7769071,"XPI_startup_end":7769071,"AMI_startup_end":7769073,"XPI_finalUIStartup":7769300,"sessionRestoreInitialized":7769302,"delayedStartupStart
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):46888
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.267025375802315
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:3lZy9lAEV09+/NYHyMYZU6oowOyggrqAox3ycNhnzFSJ7rV5y:3WXnVYWUoRnkox3ycNhnzFSJu
                                                                                                                                                                                                                                                                                                                          MD5:7A4C9E420A4CF17066A748A9CC1266A1
                                                                                                                                                                                                                                                                                                                          SHA1:570DF7336DFCBC866E8DC1FB8B5BC400192483F8
                                                                                                                                                                                                                                                                                                                          SHA-256:15D94803EF00255386D1D2A7BBAC201F9B00EFA5443C4EC8996CCBCFA53DA662
                                                                                                                                                                                                                                                                                                                          SHA-512:1128EDE532355D88F97F6FA68CBDC0FFF03374588EC6879600037F4F49D0F3A1C1F67377A88AE4E0EEEB453D0C989B3B309664B3825729E929E0AE6E938F40CE
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"type":"main","id":"82a4d6ca-10cf-48af-99bb-486a9877ccf2","creationDate":"2024-12-26T14:53:04.725Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":7823,"start":3884136,"main":3884353,"selectProfile":3884361,"afterProfileLocked":3884365,"startupCrashDetectionBegin":3884839,"startupCrashDetectionEnd":3927365,"firstPaint":3887825,"firstPaint2":3885941,"sessionRestoreInit":3885201,"sessionRestored":3888262,"createTopLevelWindow":3884989,"quitApplication":3927832,"profileBeforeChange":3932814,"AMI_startup_begin":7768977,"XPI_startup_begin":7768981,"XPI_bootstrap_addons_begin":7768989,"XPI_bootstrap_addons_end":7769071,"XPI_startup_end":7769071,"AMI_startup_end":7769073,"XPI_finalUIStartup":7769300,"sessionRestoreInitialized":7769302,"delayedStartupStart
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):492
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.991364142652157
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:YZFgIsUDsIVHlW8cOlZGV1AQIYzvZcDBHCbNcu:YaesSlCOlZGV1AQIWZcD9Cb
                                                                                                                                                                                                                                                                                                                          MD5:0258F5763A2062BFAA3E3700829913C0
                                                                                                                                                                                                                                                                                                                          SHA1:B32816A18B0CC872CDFBC84B62305EB058B4AA42
                                                                                                                                                                                                                                                                                                                          SHA-256:3A934264525F575BECE7095A1485D6E9D53FF3E2063A968435B612DDACECF8F5
                                                                                                                                                                                                                                                                                                                          SHA-512:8B9DD5C2D943FE187B8F56A16CBCB9D7B0846369DD9E793C3D568B6A72C92624C02A9EE947E8C37D49BAAABC80442FBDBA8263BC482C425801BB530D1A46A619
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"type":"health","id":"8703f130-6e6f-4e45-878c-98abc4931698","creationDate":"2024-12-26T14:53:04.584Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"shutdown","sendFailure":{"eTerminated":16}},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6"}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):8747
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.173586785276901
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:C6+c0MXVhicbhbVbTbfbRbObtbyEl7niGPYAtJA6UnSrDtT5d/S9hn:C6lycNhnzFSJCGPYAoLnSrDh5d/y
                                                                                                                                                                                                                                                                                                                          MD5:1B467417959E8CA2843DBE6E4C6D185F
                                                                                                                                                                                                                                                                                                                          SHA1:A3AB4BE0B814C6D28F1FA6A187E92816D4553811
                                                                                                                                                                                                                                                                                                                          SHA-256:C95B3F0778CE1EE9862B8EC919695158C0C31E6CA872E04328E5C3E3F5C2C349
                                                                                                                                                                                                                                                                                                                          SHA-512:E3CB9EF9504EDAA2222D1453E68B6721DDFA6A821450D2DFCF644840B495F856323236A0F6DA6F5FB6D2703CBF7D8EF8DE91B6E0018015EFC03EFBB11C520E15
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"type":"event","id":"92118fc7-b26d-4ba4-8aa3-ae9db125b705","creationDate":"2024-12-26T14:53:04.584Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"reason":"shutdown","processStartTimestamp":1735220820000,"sessionId":"af20d9be-7e52-4994-a5c0-98622ee123fc","subsessionId":"911d7975-b525-46e5-a18b-aaa6269f96f6","lostEventsCount":0,"events":{"parent":[[3897807,"normandy","enroll","nimbus_experiment","extensions-migration-in-import-wizard-116-rollout",{"experimentType":"rollout","branch":"control","enrollmentId":"1d54e675-981c-46ad-a251-a1041ac13c8a"}],[3905557,"normandy","validationFailed","nimbus_experiment","next-generation-accessibility-engine-powering-screen-readers",{"reason":"invalid-feature","feature":"accessibilityCache"}],[3905557,"normandy","validationFailed","nimbus_experiment","ne
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):492
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.965157996101807
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:YZFgs24ZDWIIVHlW8cOlZGV1AQIYzvZcyB7CbNcu:Yp24RWISlCOlZGV1AQIWZcy5Cb
                                                                                                                                                                                                                                                                                                                          MD5:0FB66A31C0AFE6F6131D5242C0A4576D
                                                                                                                                                                                                                                                                                                                          SHA1:06416FEA119636B22DC878E06A70C4C0ED956864
                                                                                                                                                                                                                                                                                                                          SHA-256:7277381E8C7AF53082D592511E43F6F011E95F843A808B8CD45F29FE4ABDE2E6
                                                                                                                                                                                                                                                                                                                          SHA-512:34A878F9C1E2B33E5EC4687819CF6301644D9EC60F76FB9AC262920F922D318193BF0AD88B8508AF8436E60113EDBDAE718D3937BA182D8D2292E321735744F1
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"type":"health","id":"af867e5f-a6ed-4918-b6c3-31aa55bb6bbd","creationDate":"2024-12-26T14:53:03.858Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eTerminated":1}},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6"}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):288
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.271085273892442
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:Y9KQOy6Lb1BA+m2L69YsMH7uMHeWm2L6NpQmeMOJiS0SeMOJiIHeMOcAJ6C:YoQOJs+RLVHXHzL0OJiLJiIaxwC
                                                                                                                                                                                                                                                                                                                          MD5:948A7403E323297C6BB8A5C791B42866
                                                                                                                                                                                                                                                                                                                          SHA1:88A555717E8A4A33ECCFB7D47A2A4AA31038F9C0
                                                                                                                                                                                                                                                                                                                          SHA-256:2FCA1F29B73DD5B4159FA1EB16E69276482F5224BA7D2219A547039129A51F0E
                                                                                                                                                                                                                                                                                                                          SHA-512:17E2F65C33F47C8BB4BECA31DB2AFF3D4BBB6C2D36924057F9F847E207BDCB85FFCBB32C80DD06862FFC9B7F0BD3F5E2E65B48BB1BC3363732751101D5596B1A
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true,"quit-application-granted":true,"quit-application":true,"sessionstore-final-state-write-complete":true,"profile-change-net-teardown":true,"profile-change-teardown":true,"profile-before-change":true}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 6296 bytes
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1682
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.4086531729841125
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:sp1BsQusKVuNPlUCNxNWLJHMkGpikSuLrjplgO:qspiHxNWKckSubgO
                                                                                                                                                                                                                                                                                                                          MD5:CF7644DD654782EB56883F1286FBD405
                                                                                                                                                                                                                                                                                                                          SHA1:51D42C2B7F683FF9C6E4F601A52E50BD46DBF995
                                                                                                                                                                                                                                                                                                                          SHA-256:AEE691167631502228A0BEEC7F949DF70D130ADCF3F0DB405D0AFB870AE96B2C
                                                                                                                                                                                                                                                                                                                          SHA-512:AEBAC7A5931BBA2DCD25F229683FD5A1CE10C561B99BD67D9B380DD3EF6502FCBB97369212D098DCD060B359B2E1FAF89999F955F34BA18B4BCE3C50CC1D1AB8
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...&url":"file:///C:/Users/user/AppData/Local/Microsoft/WU..</INetCache/Content.Outlook/UGHXYJDZ/JIL-_Document_No._2500015903.GZ","title..k.c....Key":0,"ID":7,"docshellUU...6"{1628f367-3fe3-470b-95c1-d4847d3062c6}","resultPrincipalURI":null,"p....ToInherit_base64_.c\"0\":..`\"moz-6..4...:{793366a0-748d-403c-b7a7-79eb03ec0d3e}\"}..0has...Interact ...false,"triggering......3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1735224746911,"hiddey..searchMode..Auser9.AxtId|..attribut...{},"index":1W..questedI..s0,"imagL.(},......_55075..3.|.....TypedValu..l.T.....Clear":0..`select...2,"_closedT..@],"_...C....GroupCount":-1,"busy....chromeFlags":2167541758g...dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace....544a81f3-86cf-4601-b565-c8cb2ca3983a","z;..1......c...........:..S.1":{..fUpdate....55082,"startTim..P31147...centCrash...0},"global..Dcook.. hoZ..."addons.mozilla.org","v
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 3831 bytes
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1444
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.3111305006563
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:vQMSUGVXkBsj8usK1fDsfNPPlUGqgrlDdNC+ET5sjIeWGULHfc0vnVHT5t5l8h8j:IMp1BsQusKVuNPlU6JdsvqfmAOz68HD
                                                                                                                                                                                                                                                                                                                          MD5:E81C4235B3352EA1BD667E3B2CBE0E8E
                                                                                                                                                                                                                                                                                                                          SHA1:EAD3C36E5DF03C763F525C2341C6B2FB588A0CCC
                                                                                                                                                                                                                                                                                                                          SHA-256:65E9E69C42257B62241401E3490BA1619FC58F07315EBF5FA2118585BF287C83
                                                                                                                                                                                                                                                                                                                          SHA-512:4739F0FE50C34F0960CEC001E2D2172C56ED6C0899FE2DD50A000253315609CB532CDD1F367A3788E4C94EB648ADF1F30F06B8D5B26F159684DF82D7C2233EB2
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...&url":"file:///C:/Users/user/AppData/Local/Microsoft/WU..</INetCache/Content.Outlook/UGHXYJDZ/JIL-_Document_No._2500015903.GZ","title..k.c....Key":0,"ID":7,"docshellUU...6"{1628f367-3fe3-470b-95c1-d4847d3062c6}","resultPrincipalURI":null,"p....ToInherit_base64_.c\"0\":..`\"moz-6..4...:{793366a0-748d-403c-b7a7-79eb03ec0d3e}\"}..0has...Interact ...false,"triggering......3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1735224758760,"hiddey..searchMode..Auser9.AxtId|..attribut...{},"index":1W..questedI..s0,"imagL....aselect...,"_closedT...state":....about:blank"....eyIzIjp7fX0="t.....O6127..3..../..TypedValu2.l......RClear..........}...b.a.).Q,"pos...!.'At...6128,"source......C.$0"4.....0..._...Ci...GroupCount":-1,"chromeFlags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem9.."maximized"...BeforeMin...&..workspace....544a81f3-86cf-4601-b565-c8cb2ca3983a","zg..1..k._shouldR...x........r........1.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 3831 bytes
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1444
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.3111305006563
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:vQMSUGVXkBsj8usK1fDsfNPPlUGqgrlDdNC+ET5sjIeWGULHfc0vnVHT5t5l8h8j:IMp1BsQusKVuNPlU6JdsvqfmAOz68HD
                                                                                                                                                                                                                                                                                                                          MD5:E81C4235B3352EA1BD667E3B2CBE0E8E
                                                                                                                                                                                                                                                                                                                          SHA1:EAD3C36E5DF03C763F525C2341C6B2FB588A0CCC
                                                                                                                                                                                                                                                                                                                          SHA-256:65E9E69C42257B62241401E3490BA1619FC58F07315EBF5FA2118585BF287C83
                                                                                                                                                                                                                                                                                                                          SHA-512:4739F0FE50C34F0960CEC001E2D2172C56ED6C0899FE2DD50A000253315609CB532CDD1F367A3788E4C94EB648ADF1F30F06B8D5B26F159684DF82D7C2233EB2
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...&url":"file:///C:/Users/user/AppData/Local/Microsoft/WU..</INetCache/Content.Outlook/UGHXYJDZ/JIL-_Document_No._2500015903.GZ","title..k.c....Key":0,"ID":7,"docshellUU...6"{1628f367-3fe3-470b-95c1-d4847d3062c6}","resultPrincipalURI":null,"p....ToInherit_base64_.c\"0\":..`\"moz-6..4...:{793366a0-748d-403c-b7a7-79eb03ec0d3e}\"}..0has...Interact ...false,"triggering......3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1735224758760,"hiddey..searchMode..Auser9.AxtId|..attribut...{},"index":1W..questedI..s0,"imagL....aselect...,"_closedT...state":....about:blank"....eyIzIjp7fX0="t.....O6127..3..../..TypedValu2.l......RClear..........}...b.a.).Q,"pos...!.'At...6128,"source......C.$0"4.....0..._...Ci...GroupCount":-1,"chromeFlags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem9.."maximized"...BeforeMin...&..workspace....544a81f3-86cf-4601-b565-c8cb2ca3983a","zg..1..k._shouldR...x........r........1.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):4537
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.033013831849436
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YrSAYApUQZpExB1+anOdWtVheTV2hWUzzc89YMsku7f86SLAVL7Kl5FtsfAcbyJW:ycAdTEr59kUzzctvbw6KkqRrc2Rn27
                                                                                                                                                                                                                                                                                                                          MD5:9A5E94288058C6743253AF442A4B7036
                                                                                                                                                                                                                                                                                                                          SHA1:7B6B63544A794E080B9D1FB1842DDE25F9C80AE8
                                                                                                                                                                                                                                                                                                                          SHA-256:C1A4DFF99C5909791CD5F458B1B535EF7B3542CA4A351552822356F11322189F
                                                                                                                                                                                                                                                                                                                          SHA-512:D47E21F7B9A24B7CF441E7463FE318BE1132B1EDA4D95B8BE4DC3B74FDB25251A2F3B9BBA6E05B2B0C4C0CE7A6B0BD0BC3FB5B6F7D45018514191AAFAF4441C3
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-26T14:52:36.636Z","profileAgeCreated":1696583300378,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):4537
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.033013831849436
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YrSAYApUQZpExB1+anOdWtVheTV2hWUzzc89YMsku7f86SLAVL7Kl5FtsfAcbyJW:ycAdTEr59kUzzctvbw6KkqRrc2Rn27
                                                                                                                                                                                                                                                                                                                          MD5:9A5E94288058C6743253AF442A4B7036
                                                                                                                                                                                                                                                                                                                          SHA1:7B6B63544A794E080B9D1FB1842DDE25F9C80AE8
                                                                                                                                                                                                                                                                                                                          SHA-256:C1A4DFF99C5909791CD5F458B1B535EF7B3542CA4A351552822356F11322189F
                                                                                                                                                                                                                                                                                                                          SHA-512:D47E21F7B9A24B7CF441E7463FE318BE1132B1EDA4D95B8BE4DC3B74FDB25251A2F3B9BBA6E05B2B0C4C0CE7A6B0BD0BC3FB5B6F7D45018514191AAFAF4441C3
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-26T14:52:36.636Z","profileAgeCreated":1696583300378,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):217
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.5294045749673835
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:YGNTG/SJsAUv54rH0vHlxKgfQYV2fEzLO:YGNdciHylxKgfV2MnO
                                                                                                                                                                                                                                                                                                                          MD5:4B4A526BE952757E6BF2B965CB6DA478
                                                                                                                                                                                                                                                                                                                          SHA1:3EBF0ED8024FAECCA22C21C286652D25F97FDF6B
                                                                                                                                                                                                                                                                                                                          SHA-256:4FFB085F0511D484E63081A415D03C3EC86CFD8D461117AC6249EAB09F0D9332
                                                                                                                                                                                                                                                                                                                          SHA-512:BB06D366BE42D480EB75886F12B89FFCD3E64101EF11F82405147C76DEBC973F69253650BF917FA0DD66E16CF37F2B631365AF5165EA61593867E603EABBCEF1
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"chrome://browser/content/browser.xhtml":{"main-window":{"screenX":"4","screenY":"4","width":"1164","height":"891","sizemode":"maximized"},"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""}}}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):217
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.5294045749673835
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:YGNTG/SJsAUv54rH0vHlxKgfQYV2fEzLO:YGNdciHylxKgfV2MnO
                                                                                                                                                                                                                                                                                                                          MD5:4B4A526BE952757E6BF2B965CB6DA478
                                                                                                                                                                                                                                                                                                                          SHA1:3EBF0ED8024FAECCA22C21C286652D25F97FDF6B
                                                                                                                                                                                                                                                                                                                          SHA-256:4FFB085F0511D484E63081A415D03C3EC86CFD8D461117AC6249EAB09F0D9332
                                                                                                                                                                                                                                                                                                                          SHA-512:BB06D366BE42D480EB75886F12B89FFCD3E64101EF11F82405147C76DEBC973F69253650BF917FA0DD66E16CF37F2B631365AF5165EA61593867E603EABBCEF1
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"chrome://browser/content/browser.xhtml":{"main-window":{"screenX":"4","screenY":"4","width":"1164","height":"891","sizemode":"maximized"},"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""}}}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          File Type:Microsoft Outlook email folder (>=2003)
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):271360
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.512019872740585
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:lQc6SfOTv+u4Qff9ediEDxUEeeD0g5n7EFYBb87NG4FH8BUTIZL:nc+u4JdraIFlAjFHeNZL
                                                                                                                                                                                                                                                                                                                          MD5:C2777D2BEE96B0CA414BB35835367869
                                                                                                                                                                                                                                                                                                                          SHA1:09B29F0499F0E115D3C9554A7181EF6FA1F866B1
                                                                                                                                                                                                                                                                                                                          SHA-256:F2C3D3B345C4995FECD840021A5D26C8DABDEAAD675B2B07111990E3020182FD
                                                                                                                                                                                                                                                                                                                          SHA-512:D11898801C38244A493C1919F7CB1699C060DACC48520A6789BDCABD4E680E3478A47EECA4F6FD8C8DC7C90789BAF785302583A907F80E52A1C2197B491A8365
                                                                                                                                                                                                                                                                                                                          Malicious:true
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.9376746962330352
Encrypted:false
SSDEEP:192:5bd0DwjTIoOJMHDevMrzTJsHDKLfahmEgTJJzpOXG2A61Li1R434M0:5djTIXJuDe+qHD7QEc+nA6s1RU
MD5:91DFAB5DC02FF7599858D523889AAEC4
SHA1:6093D72BBCB42DC36D47B8C91450B926CAABFB75
SHA-256:B6C6D7023172035CFD0949F46629D57C63A8B76A9BB6E1F54359900A45397E67
SHA-512:BE57C93BE6FD0A2715F4A57AC006D91F030B794356BC669BFF0FAF88A622B9295DA7D51D3119E480661AAB4A2B8D9EE9058B91807CC4E4A230CDB9801DD79F52
Malicious:true
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):583286
Entropy (8bit):7.996328018506881
Encrypted:true
SSDEEP:12288:EzxKqERYBsltaewnr0o8qIFs/IAbQfFoAbM50:EqBtRwrv4aVbQfFoGMu
MD5:04CAC86B62C708C6BA2A15A4B2692187
SHA1:A47A5BF4F198EDCB77CE628B7375B2B8ACDB903C
SHA-256:992AF75446DF3C44B9AACDD44E756C57610458970C2472BB7A1C397E9B2A3335
SHA-512:AA6E09BB6FF7382C98DD493838012FE70D53695298B1234B02C48572262B05FA199DC3A6543AC67D83633040B11A532627A07396904DD07E32311D69A025A469
Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:PNGMSCF....s.......,............................$.........Y.? .Chine_ana121983D605908193D491920FF33229307FF80688loodatke.PNG......$.....Y.? . ......$.....YK> .JIL-_Document_No._2500015903.scr.g.. aA..CK.}.\.M..$.....:.H....{...A. .i.,`A@..(b.....fE...........X...ww.d....}...0{...9.3;;s...:.d...p.]`.p8.p.?0..6.."...C...@..DDDEED.DEDD(..b.A.J..I(H....*(.jhh.Ru.u....5Tq$....OR@@RS.....hj..k.k....|M==8...du`....p...@...pb.....q.2n..H..'.`..?.<.;.......x....N".....=x2 ...j....X.....&gm.q.......v..!.Qz..".?j.vd.$D.....@R.l..e2...6v.;n..YP.. .}.l...lr:Y.......O&....U`.O...^D.........r{.d.h.Y...[....6..f...}...+.........*.j<.oQ(k>v+D..oE.t...)!.o..?.,.4......y'`a.y.v...."..>._TS...`..%wU..}..[.`}7g.U...Gk..5.M.\_k.....#..*.......;..9c.|@..W"1...D\.....|.._y..Z..9...Wva7s7.ava../{..\..#.&.X.................N..Y.f.-mJ..H...C.<........}.F.^^.0..rl.k.*.[.F.^..K.h-~.xQg.....f9-9)...|C...E....',3l..".......cC..n..(?...+........d*.F......-i..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):583286
Entropy (8bit):7.996328018506881
Encrypted:true
SSDEEP:12288:EzxKqERYBsltaewnr0o8qIFs/IAbQfFoAbM50:EqBtRwrv4aVbQfFoGMu
MD5:04CAC86B62C708C6BA2A15A4B2692187
SHA1:A47A5BF4F198EDCB77CE628B7375B2B8ACDB903C
SHA-256:992AF75446DF3C44B9AACDD44E756C57610458970C2472BB7A1C397E9B2A3335
SHA-512:AA6E09BB6FF7382C98DD493838012FE70D53695298B1234B02C48572262B05FA199DC3A6543AC67D83633040B11A532627A07396904DD07E32311D69A025A469
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:3:gAWY3n:qY3n
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:false
Preview:[ZoneTransfer]..ZoneId=3..
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):583286
Entropy (8bit):7.996328018506881
Encrypted:true
SSDEEP:12288:EzxKqERYBsltaewnr0o8qIFs/IAbQfFoAbM50:EqBtRwrv4aVbQfFoGMu
MD5:04CAC86B62C708C6BA2A15A4B2692187
SHA1:A47A5BF4F198EDCB77CE628B7375B2B8ACDB903C
SHA-256:992AF75446DF3C44B9AACDD44E756C57610458970C2472BB7A1C397E9B2A3335
SHA-512:AA6E09BB6FF7382C98DD493838012FE70D53695298B1234B02C48572262B05FA199DC3A6543AC67D83633040B11A532627A07396904DD07E32311D69A025A469
Malicious:false
File type:CDFV2 Microsoft Outlook Message
Entropy (8bit):7.908418323681853
TrID:
• Outlook Message (71009/1) 58.92%
• Outlook Form Template (41509/1) 34.44%
• Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:ReJIL-_Document_No._2500015903.msg
File size:632'320 bytes
MD5:f1d1d0f881bf1e10771c8e7d1230b28f
SHA1:1a7dd1a1d02119ac136dd6d0d95a9fe444e9741e
SHA256:bfa12644ac8d62fb73bf53594dce8a31f43c9c42f14de9aa2c77dd70fd168777
SHA512:2155eda6698b3e47636224b18802447010fef3c5515ddd575cfeef0646b0b1a98c2f685f4a46dfa89fa6a26ff117ca226f337c36732cfeb38c45179012b92cd6
SSDEEP:12288:8zuzxKqERYBsltaewnr0o8qIFs/IAbQfFoAbM5:2+qBtRwrv4aVbQfFoGM
TLSH:E1D412183AE05F16F27BDB3A49E2D5928025FD92EF20DB8F3691731E19B2690645072F
                                                                                                                                                                                                                                                                                                                          Subject:Re:JIL-_Document_No._2500015903
                                                                                                                                                                                                                                                                                                                          From:Salman<salman@matex-group.ae>
                                                                                                                                                                                                                                                                                                                          To:jennifer.heckman@marioncountyfl.org
                                                                                                                                                                                                                                                                                                                          Cc:
                                                                                                                                                                                                                                                                                                                          BCC:
                                                                                                                                                                                                                                                                                                                          Date:Tue, 24 Dec 2024 18:16:51 +0100
                                                                                                                                                                                                                                                                                                                          Communications:
                                                                                                                                                                                                                                                                                                                          • CAUTION: THIS MESSAGE IS FROM AN EXTERNAL SENDER This email originated from outside the organization. Do not click links, open attachments, or share any information unless you recognize the sender and know the content is safe. Report suspicious emails using the "Phish Alert" button in Outlook or contact the Helpdesk. Hi, Good day! Please send a quotation for JIL-_Document_No._2500015903 With Best Regards, Salman Technical and Commercial Expert General Trading Co.(LLC) Office no.1320, 13th floor Burlington tower, business bay Dubai-UAE P.O.Box:119183 Phone : +971-4-2296658 ,2498643 Fax : +971-4-5656170 salman@matex-group.ae <mailto:salman@matex-group.ae> www.matex-group.ae <http://www.matex-group.ae>
                                                                                                                                                                                                                                                                                                                          Attachments:
                                                                                                                                                                                                                                                                                                                          • screenshot20.png
                                                                                                                                                                                                                                                                                                                          • JIL-_Document_No._2500015903.GZ
Key Value
Received: from matex-group.ae (216.131.81.250) by
by DM6PR09MB5576.namprd09.prod.outlook.com (260310b6:5:264::19) with
2024 1716:52 +0000
(260310b6:5:160::28) with Microsoft SMTP Server (version=TLS1_3,
24 Dec 2024 1716:52 +0000
Authentication-Results: spf=softfail (sender IP is 216.131.81.250)
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
1716:51 +0000
From: Salman<salman@matex-group.ae>
To: jennifer.heckman@marioncountyfl.org
Subject: Re:JIL-_Document_No._2500015903
Date: 24 Dec 2024 09:16:51 -0800
Message-ID: <20241224091651.8134CD1914FC7262@matex-group.ae>
MIME-Version: 1.0
Content-Type: multipart/mixed;
Return-Path: salman@matex-group.ae
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 25a1914d-7aca-40d5-91d5-cd84a5137a31:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SA2PEPF00002250:EE_|DM6PR09MB5576:EE_
X-MS-Office365-Filtering-Correlation-Id: d06ee8d7-7b11-43d8-2c2e-08dd243ec20c
X-LD-Processed: 25a1914d-7aca-40d5-91d5-cd84a5137a31,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA|SL
date: Tue, 24 Dec 2024 18:16:51 +0100

                                                                                                                                                                                                                                                                                                                          Icon Hash:c4e1928eacb280a2
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:34.893208981 CET49718443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:34.893258095 CET49722443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:34.894570112 CET49722443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:34.894587994 CET4434972234.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:34.911700964 CET4971780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.045629025 CET4434971934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.047482014 CET49719443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.063277006 CET4434972035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.063724041 CET49720443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.079408884 CET49720443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.079427958 CET4434972035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.079674006 CET4434972035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.085643053 CET49719443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.085664034 CET4434971934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.085743904 CET49719443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.085851908 CET4434971934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.086416006 CET49720443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.086483002 CET49720443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.086564064 CET4434972035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.088135958 CET49720443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.088154078 CET49719443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.088169098 CET49720443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.168333054 CET4971780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.168369055 CET4971680192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.171643972 CET49723443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.171673059 CET4434972334.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.172755003 CET49723443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.173975945 CET49723443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.173985958 CET4434972334.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.189650059 CET4972480192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.288366079 CET804971734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.288429022 CET4971780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.289012909 CET804971634.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.289091110 CET4971680192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.310353994 CET804972434.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.310493946 CET4972480192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.310653925 CET4972480192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:35.430665970 CET804972434.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.171752930 CET4434972134.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.172061920 CET49721443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.177618980 CET49721443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.177624941 CET4434972134.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.177892923 CET4434972134.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.180886984 CET49721443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.180958033 CET49721443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.181019068 CET4434972134.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.181096077 CET49721443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.205323935 CET4434972234.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.205398083 CET49722443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.209911108 CET49722443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.209923029 CET4434972234.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.209975004 CET49722443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.210069895 CET4434972234.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.210131884 CET49722443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.484260082 CET4434972334.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.484334946 CET49723443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.489341021 CET49723443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.489362001 CET4434972334.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.489463091 CET804972434.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.489464998 CET49723443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.489593029 CET4434972334.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.489656925 CET49723443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.490006924 CET49725443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.490046978 CET4434972534.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.490106106 CET49725443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.491501093 CET49725443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.491517067 CET4434972534.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.542685986 CET4972480192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:36.893224955 CET4972680192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:37.012759924 CET804972634.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:37.012850046 CET4972680192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:37.013052940 CET4972680192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:52.513796091 CET4972680192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.166304111 CET4434973534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.166425943 CET49735443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.411828041 CET4434973734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.411923885 CET49737443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.581650019 CET49737443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.581681967 CET4434973734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.582140923 CET4434973734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.635806084 CET49737443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.312541008 CET49735443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.312592030 CET4434973534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.312644958 CET49735443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.312855005 CET4434973534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.312925100 CET49735443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.415378094 CET49737443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.415476084 CET49737443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.415628910 CET4434973734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.415676117 CET49737443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.415873051 CET49738443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.415941954 CET4434973834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.416013956 CET49738443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.416208029 CET49738443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.416225910 CET4434973834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.734668016 CET4434973834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.734743118 CET49738443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:56.869174004 CET49738443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:56.869200945 CET4434973834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:56.869565964 CET4434973834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:56.923794985 CET49738443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:59.321003914 CET49738443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:59.321094990 CET49738443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:59.321307898 CET4434973834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:59.321742058 CET49738443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:02.148907900 CET4972480192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:02.268539906 CET804972434.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:02.479860067 CET4972680192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:02.599623919 CET804972634.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:07.049173117 CET4972480192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:07.056308031 CET4972480192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:07.168834925 CET804972434.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:07.176544905 CET804972434.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:07.176645041 CET4972480192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:10.250334024 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:10.369791031 CET804974034.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:10.369884968 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:10.370083094 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:10.489505053 CET804974034.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:11.548022032 CET804974034.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:11.587915897 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:12.605920076 CET4972680192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:12.725389957 CET804972634.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:12.858027935 CET49743443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:12.858067989 CET4434974334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:12.858552933 CET49743443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:12.858681917 CET49743443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:12.858699083 CET4434974334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.197798967 CET49745443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.197839022 CET44349745151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198106050 CET49746443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198134899 CET4434974635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198323965 CET49745443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198447943 CET49745443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198450089 CET49746443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198461056 CET44349745151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198633909 CET49746443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198647022 CET4434974635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198831081 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.202747107 CET49747443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.202781916 CET4434974734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.202886105 CET49747443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.203030109 CET49747443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.203047991 CET4434974734.149.100.209192.168.2.16
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:51.940644026 CET53545601.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.076467037 CET6067453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.214226961 CET53606741.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.301707029 CET5819753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.301707029 CET5367053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.438662052 CET53581971.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.441428900 CET53536701.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.577503920 CET5442053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.578100920 CET5012453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.578299046 CET5082553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET53544201.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.715069056 CET53508251.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.715291977 CET6145953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.715900898 CET5850153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.717200994 CET53501241.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.717667103 CET6141053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.852708101 CET53614591.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.852783918 CET53585011.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.955395937 CET53614101.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.309701920 CET5253953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.309792995 CET5536953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.446861982 CET53553691.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.447087049 CET53525391.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.699775934 CET5530653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.700308084 CET5855253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.836992025 CET53585521.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.837814093 CET5047153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.923090935 CET53553061.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.924037933 CET6301553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.975195885 CET53504711.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:56.134244919 CET53630151.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:10.244895935 CET6310753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:10.383445024 CET53631071.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:12.858124018 CET5404053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.001710892 CET53540401.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198057890 CET5905653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198245049 CET6317853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.203656912 CET6165853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.335519075 CET53631781.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.336324930 CET53590561.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.337059975 CET6547453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.341995955 CET53616581.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.475505114 CET53654741.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.609566927 CET5010853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.749032974 CET53501081.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.788374901 CET5735353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.925786972 CET53573531.1.1.1192.168.2.16
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:51.803432941 CET192.168.2.161.1.1.10x4f95Standard query (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.076467037 CET192.168.2.161.1.1.10xebc6Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.301707029 CET192.168.2.161.1.1.10x51cfStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.301707029 CET192.168.2.161.1.1.10xdce5Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.577503920 CET192.168.2.161.1.1.10xce4aStandard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.578100920 CET192.168.2.161.1.1.10xaa0Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.578299046 CET192.168.2.161.1.1.10x1d32Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.715291977 CET192.168.2.161.1.1.10x4579Standard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.715900898 CET192.168.2.161.1.1.10xa005Standard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.717667103 CET192.168.2.161.1.1.10x556eStandard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.309701920 CET192.168.2.161.1.1.10x3eeeStandard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.309792995 CET192.168.2.161.1.1.10x727aStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.699775934 CET192.168.2.161.1.1.10x3240Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.700308084 CET192.168.2.161.1.1.10x4b5aStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.837814093 CET192.168.2.161.1.1.10xba59Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.924037933 CET192.168.2.161.1.1.10xde6bStandard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:10.244895935 CET192.168.2.161.1.1.10xaf0aStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:12.858124018 CET192.168.2.161.1.1.10xcee8Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198057890 CET192.168.2.161.1.1.10x9721Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.198245049 CET192.168.2.161.1.1.10x80f5Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.203656912 CET192.168.2.161.1.1.10x4309Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.337059975 CET192.168.2.161.1.1.10x972eStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.609566927 CET192.168.2.161.1.1.10x63b0Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.788374901 CET192.168.2.161.1.1.10x8aa4Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.214226961 CET1.1.1.1192.168.2.160xebc6No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.214226961 CET1.1.1.1192.168.2.160xebc6No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.214226961 CET1.1.1.1192.168.2.160xebc6No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.214226961 CET1.1.1.1192.168.2.160xebc6No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.214226961 CET1.1.1.1192.168.2.160xebc6No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.214226961 CET1.1.1.1192.168.2.160xebc6No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.438662052 CET1.1.1.1192.168.2.160x51cfNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.438662052 CET1.1.1.1192.168.2.160x51cfNo error (0)star-mini.c10r.facebook.com157.240.195.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.441428900 CET1.1.1.1192.168.2.160xdce5No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.441428900 CET1.1.1.1192.168.2.160xdce5No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET1.1.1.1192.168.2.160xce4aNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET1.1.1.1192.168.2.160xce4aNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET1.1.1.1192.168.2.160xce4aNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET1.1.1.1192.168.2.160xce4aNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET1.1.1.1192.168.2.160xce4aNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET1.1.1.1192.168.2.160xce4aNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET1.1.1.1192.168.2.160xce4aNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET1.1.1.1192.168.2.160xce4aNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET1.1.1.1192.168.2.160xce4aNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.714492083 CET1.1.1.1192.168.2.160xce4aNo error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.715069056 CET1.1.1.1192.168.2.160x1d32No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.717200994 CET1.1.1.1192.168.2.160xaa0No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.852708101 CET1.1.1.1192.168.2.160x4579No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.852708101 CET1.1.1.1192.168.2.160x4579No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.852708101 CET1.1.1.1192.168.2.160x4579No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.852708101 CET1.1.1.1192.168.2.160x4579No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.852783918 CET1.1.1.1192.168.2.160xa005No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:53.955395937 CET1.1.1.1192.168.2.160x556eNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.446861982 CET1.1.1.1192.168.2.160x727aNo error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.447087049 CET1.1.1.1192.168.2.160x3eeeNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.447087049 CET1.1.1.1192.168.2.160x3eeeNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.447087049 CET1.1.1.1192.168.2.160x3eeeNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.447087049 CET1.1.1.1192.168.2.160x3eeeNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:54.447087049 CET1.1.1.1192.168.2.160x3eeeNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.836992025 CET1.1.1.1192.168.2.160x4b5aNo error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.923090935 CET1.1.1.1192.168.2.160x3240No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.923090935 CET1.1.1.1192.168.2.160x3240No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.923090935 CET1.1.1.1192.168.2.160x3240No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:55.923090935 CET1.1.1.1192.168.2.160x3240No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.001594067 CET1.1.1.1192.168.2.160x2ffdNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.001594067 CET1.1.1.1192.168.2.160x2ffdNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.001710892 CET1.1.1.1192.168.2.160xcee8No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.001710892 CET1.1.1.1192.168.2.160xcee8No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.001710892 CET1.1.1.1192.168.2.160xcee8No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.001710892 CET1.1.1.1192.168.2.160xcee8No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.336324930 CET1.1.1.1192.168.2.160x9721No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.336324930 CET1.1.1.1192.168.2.160x9721No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.336324930 CET1.1.1.1192.168.2.160x9721No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.336324930 CET1.1.1.1192.168.2.160x9721No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.341995955 CET1.1.1.1192.168.2.160x4309No error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.341995955 CET1.1.1.1192.168.2.160x4309No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.475505114 CET1.1.1.1192.168.2.160x972eNo error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.475505114 CET1.1.1.1192.168.2.160x972eNo error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.475505114 CET1.1.1.1192.168.2.160x972eNo error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.475505114 CET1.1.1.1192.168.2.160x972eNo error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:13.749032974 CET1.1.1.1192.168.2.160x63b0No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
• detectportal.firefox.com

Session ID: 0
Source IP: 192.168.2.16
Source Port: 49716
Destination IP: 34.107.221.82
Destination Port: 80
PID: 876
Process: C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp: Dec 26, 2024 14:47:31.473790884 CET
Bytes transferred: 303
Direction: OUT
Data:
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Timestamp: Dec 26, 2024 14:47:32.651680946 CET
Bytes transferred: 298
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 25 Dec 2024 17:03:56 GMT
Age: 74616
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
1    192.168.2.16    49717    34.107.221.82    80    876    C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp    Bytes transferred    Direction    Data
Dec 26, 2024 14:47:33.682708979 CET    305    OUT    GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 26, 2024 14:47:34.865607977 CET    216    IN    HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 25 Dec 2024 16:44:26 GMT
Age: 75788
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
2    192.168.2.16    49724    34.107.221.82    80    876    C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp    Bytes transferred    Direction    Data
Dec 26, 2024 14:47:35.310653925 CET    303    OUT    GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 26, 2024 14:47:36.489463091 CET    298    IN    HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 25 Dec 2024 17:03:56 GMT
Age: 74620
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 26, 2024 14:47:37.036243916 CET    303    OUT    GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 26, 2024 14:47:37.369932890 CET    298    IN    HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 25 Dec 2024 17:03:56 GMT
Age: 74621
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 26, 2024 14:47:40.937782049 CET    303    OUT    GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 26, 2024 14:47:41.270973921 CET    298    IN    HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 25 Dec 2024 17:03:56 GMT
Age: 74625
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:51.275780916 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:51.802468061 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:52.136334896 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                          Date: Wed, 25 Dec 2024 17:03:56 GMT
                                                                                                                                                                                                                                                                                                                          Age: 74635
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:02.148907900 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:07.049173117 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.16 | 49726 | 34.107.221.82 | 80 | 876 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 14:47:37.013052940 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 26, 2024 14:47:38.191632986 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 25 Dec 2024 13:49:14 GMT
Age: 86304
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 26, 2024 14:47:40.683654070 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 26, 2024 14:47:41.017178059 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 25 Dec 2024 13:49:14 GMT
Age: 86306
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 26, 2024 14:47:42.467657089 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 26, 2024 14:47:42.800533056 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 25 Dec 2024 13:49:14 GMT
Age: 86308
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 26, 2024 14:47:52.139585018 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:47:52.472820997 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                          Date: Wed, 25 Dec 2024 13:49:14 GMT
                                                                                                                                                                                                                                                                                                                          Age: 86318
                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:02.479860067 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                          Dec 26, 2024 14:48:12.605920076 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                          Data Ascii:


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
4  192.168.2.16  49740  34.107.221.82  80  876  C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp  Bytes transferred  Direction  Data

Dec 26, 2024 14:48:10.370083094 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 26, 2024 14:48:11.548022032 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 25 Dec 2024 16:38:32 GMT
Age: 76179
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 26, 2024 14:48:13.198831081 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive



                                                                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                                                                          Start time:08:46:55
                                                                                                                                                                                                                                                                                                                          Start date:26/12/2024
                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ReJIL-_Document_No._2500015903.msg"
                                                                                                                                                                                                                                                                                                                          Imagebase:0xed0000
                                                                                                                                                                                                                                                                                                                          File size:34'446'744 bytes
                                                                                                                                                                                                                                                                                                                          MD5 hash:91A5292942864110ED734005B7E005C0
                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                                                                                                          Start time:08:46:59
                                                                                                                                                                                                                                                                                                                          Start date:26/12/2024
                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "13C184CF-6612-428C-9B3D-0B8B2FBB249B" "EC0390AB-FD20-4BC4-9931-1C7789466420" "2920" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff636ca0000
                                                                                                                                                                                                                                                                                                                          File size:710'048 bytes
                                                                                                                                                                                                                                                                                                                          MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                          Has exited:false

Target ID:14
Start time:08:47:06
Start date:26/12/2024
Path:C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\OpenWith.exe -Embedding
Imagebase:0x7ff6d3370000
File size:123'984 bytes
MD5 hash:E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:16
Start time:08:47:25
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ"
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:17
Start time:08:47:25
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -osint --attempting-deelevation -url C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:18
Start time:08:47:25
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:20
Start time:08:47:27
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42f32c43-6ae8-4858-820e-356d2464dcf8} 876 "\\.\pipe\gecko-crash-server-pipe.876" 2607156c510 socket
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:21
Start time:08:47:28
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4024 -parentBuildID 20230927232528 -prefsHandle 3968 -prefMapHandle 3888 -prefsLen 26265 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92d2cb94-0f6b-43f4-967c-ce8066be3f32} 876 "\\.\pipe\gecko-crash-server-pipe.876" 26082420310 rdd
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:22
Start time:08:47:41
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ"
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:23
Start time:08:47:41
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UGHXYJDZ\JIL-_Document_No._2500015903.GZ
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:24
Start time:08:47:50
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5268 -prefMapHandle 5676 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4b08b45-2597-49eb-84bd-a77bd444c4c4} 876 "\\.\pipe\gecko-crash-server-pipe.876" 2608803cb10 utility
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:08:48:06
Start date:26/12/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:0x7ff6f4ee0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:08:48:10
Start date:26/12/2024
Path:C:\Program Files\7-Zip\7zFM.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Downloads\JIL-_Document_No._2500015903.GZ"
Imagebase:0x3e0000
File size:952'832 bytes
MD5 hash:30AC0B832D75598FB3EC37B6F2A8C86A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:34
Start time:08:48:20
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\pingsender.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/92118fc7-b26d-4ba4-8aa3-ae9db125b705/event/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\92118fc7-b26d-4ba4-8aa3-ae9db125b705
Imagebase:0x7ff6953d0000
File size:80'800 bytes
MD5 hash:B380758F0DAA6B44346C7994EB2408D7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:08:48:20
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\pingsender.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/8703f130-6e6f-4e45-878c-98abc4931698/health/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8703f130-6e6f-4e45-878c-98abc4931698
Imagebase:0x7ff6953d0000
File size:80'800 bytes
MD5 hash:B380758F0DAA6B44346C7994EB2408D7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:08:48:20
Start date:26/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:08:48:20
Start date:26/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:08:48:20
Start date:26/12/2024
Path:C:\Program Files\Mozilla Firefox\pingsender.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/82a4d6ca-10cf-48af-99bb-486a9877ccf2/main/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\82a4d6ca-10cf-48af-99bb-486a9877ccf2
Imagebase:0x7ff6953d0000
File size:80'800 bytes
MD5 hash:B380758F0DAA6B44346C7994EB2408D7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:08:48:20
Start date:26/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:08:48:26
Start date:26/12/2024
Path:C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\OpenWith.exe -Embedding
Imagebase:0x7ff6d3370000
File size:123'984 bytes
MD5 hash:E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:41
Start time:08:48:30
Start date:26/12/2024
Path:C:\Windows\System32\notepad.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO459C1B0E\.text
Imagebase:0x7ff7cda80000
File size:201'216 bytes
MD5 hash:27F71B12CB585541885A31BE22F61C83
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:43
Start time:08:48:35
Start date:26/12/2024
Path:C:\Windows\System32\notepad.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO4592D3FE\version.txt
Imagebase:0x7ff7cda80000
File size:201'216 bytes
MD5 hash:27F71B12CB585541885A31BE22F61C83
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:44
Start time:08:48:56
Start date:26/12/2024
Path:C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\OpenWith.exe -Embedding
Imagebase:0x7ff6d3370000
File size:123'984 bytes
MD5 hash:E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                          No disassembly