Windows Analysis Report
https://www.octopuspro.life/#/login

Overview

General Information

Sample URL:	https://www.octopuspro.life/#/login
Analysis ID:	1649425
Infos:

Detection

Score:	21
Range:	0 - 100
Confidence:	60%

Signatures

Tries to harvest and steal browser information (history, passwords, etc)

Drops PE files

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Classification

Signatures

Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.148.94:443 -> 192.168.2.18:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.18:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.18:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.18:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.18:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.18:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50089 version: TLS 1.2

Source:	Binary string: UxTheme.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 00000009.00000003.2065646598.0000020C447AD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdbGCTL source: firefox.exe, 00000009.00000003.2111422392.0000020C3A7E0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdb source: firefox.exe, 00000009.00000003.2106660882.0000020C3A7D6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2111422392.0000020C3A7E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2094405830.0000020C3A7E3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2088961251.0000020C3A7CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdbHu source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb0 source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 00000009.00000003.2065646598.0000020C447AD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: webauthn.pdbGCTL source: firefox.exe, 00000009.00000003.2092188922.0000020C4FD01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dcomp.pdb source: firefox.exe, 00000009.00000003.2054410541.0000020C4B724000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8audioses.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8netutils.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: cryptsp.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8softokn3.pdb source: firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8rasadhlp.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8taskschd.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2062494796.0000020C47CF1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntmarta.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000009.00000003.2094405830.0000020C3A7E3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2088961251.0000020C3A7CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: userenv.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8fwpuclnt.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: devobj.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dwmapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: firefox.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: webauthn.pdb source: firefox.exe, 00000009.00000003.2092188922.0000020C4FD01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8ExplorerFrame.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.9.dr
Source:	Binary string: winmm.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mscms.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: twinapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.9.dr
Source:	Binary string: combase.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8iertutil.pdb source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000009.00000003.2106660882.0000020C3A7D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdbV source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dxgi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8linkinfo.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8powrprof.pdb source: firefox.exe, 00000009.00000003.2082807131.0000020C45299000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: edputil.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8MMDevAPI.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 287MB

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.68.248
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.132
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.68.248
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.132
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKLast-Modified: Wed, 12 Mar 2025 04:19:28 GMTETag: 85430baed3398695717b0263807cf97cContent-Length: 453023Accept-Ranges: bytesX-Timestamp: 1741753167.65917Content-Type: application/zipX-Trans-Id: tx2a10bd4cf446486c97ede-0067d44ac7dfw1Cache-Control: public, max-age=29286Expires: Thu, 27 Mar 2025 02:27:53 GMTDate: Wed, 26 Mar 2025 18:19:47 GMTConnection: keep-aliveData Raw: 50 4b 03 04 14 00 00 00 08 00 cd 8d 62 4e d0 b9 df e8 52 e8 06 00 d0 97 0f 00 0f 00 00 00 67 6d 70 6f 70 65 6e 68 32 36 34 2e 64 6c 6c ec bd 0b 7c 14 45 b6 30 de 3d 99 84 49 98 a4 07 8c 18 31 c2 e8 ce ea 34 66 31 71 e3 9a 60 d4 e9 d0 93 f4 e0 04 c2 d3 80 88 71 a3 b9 a0 08 11 27 2b b8 10 08 93 68 2a 6d 7b d9 bb 7a d7 dd 6f 5f ff 7b 77 ef dd e7 c5 bd ee f2 d0 95 cc 24 92 07 28 24 41 21 c0 8a 11 7c 4c 18 81 00 42 26 41 32 ff 73 aa 7b 9e 04 44 64 f7 ff dd ff f7 f1 63 d2 55 d5 55 e7 d4 39 75 ce a9 53 a7 aa bb 4b 16 6c 60 12 18 86 d1 c3 2f 18 64 98 2d 8c fa cf c6 7c f9 bf 00 fc d2 26 be 9e c6 fc 39 f9 9d 9b b6 b0 ce 77 6e 9a b3 78 c9 d3 e6 aa 15 cb ff 69 c5 23 4f 9a 2b 1e 59 b6 6c b9 cb fc dd c7 cc 2b aa 97 99 97 2c 33 8b 33 66 9b 9f 5c fe e8 63 93 53 53 53 2c 1a 8c e9 d2 cf b7 a4 f0 fd fe d0 ef b1 92 cf 8f 4e a4 d7 d3 47 47 d1 eb 99 a3 ff 46 af 27 8f 26 d3 3a 27 fd 4b e0 5a 26 9c 3e 9a 40 af 67 8e de 4d af 9f 1f 4d d7 60 fc 13 fc 2a 84 fe a3 a3 e9 f5 14 bd ce 5a 52 b1 18 ef 85 fa 5e 6a 67 98 47 9f 4b 62 8e 6f 7e 76 61 a8 ac 9f b9 d9 3c 5a 97 c6 31 2e 23 c3 8c 4f a0 65 19 99 a3 19 c6 44 93 eb 58 fc 8b 69 1d c3 24 69 6d 42 57 c6 c3 51 26 be ba c1 04 b7 cb d9 50 a3 d0 e5 c2 bc 9a 2c 4d e4 98 2c a8 bd 3a 89 63 ac d1 cc 2d e5 98 0d 12 5c 9f e5 98 ce 1b e1 fa 2a c7 d4 01 8a ce 2d 69 cc 9c 4b 8c 49 f6 d6 34 86 61 a3 0a 36 18 99 2a dd c5 eb 4f 76 3d b6 d2 05 57 cb d3 46 b5 43 48 bb 3e b6 8e 99 61 ca 27 af 78 f4 11 d7 23 40 66 8d 8e c2 64 d6 c1 75 a5 31 a6 9e 0d fe 4f 56 ab 31 6f 7d 1b 09 84 0e 67 c2 35 90 16 5f cf 33 b9 4a ad 48 69 04 5a 99 69 70 4d e7 2e 84 b7 62 b9 5a 11 86 81 f9 25 dc 47 94 8b 46 aa f7 d8 d2 e5 15 0c e5 11 f2 8a d2 f2 f8 05 f5 0a 2f ce 89 ff 33 ff 71 9b d9 4a af c7 d0 f2 b6 f6 6f de 03 b3 25 f7 67 d9 4e d2 2a 91 7d 12 d9 29 c9 33 0d 4e 25 f1 21 b7 91 71 2a a9 0b e0 e2 eb b8 8b 81 b4 f1 5e 49 9e 6d 90 c8 7e 07 09 f8 36 dd 85 23 e9 7e 2b fb c1 Data Ascii: PKbNRgmpopenh264.dll|E0=I14f1q`q'+h*m{zo_{w$($A!|LB&A2s{DdcUU9uSKl`/d-|&9wnxi#O+Yl+,33f\cSSS,NGGF'&:'KZ&>@gMM`*ZR^jgGKbo~va<Z1.#OeDXi$imBWQ&P,M,:c-\*-iKI4a6*Ov=WFCH>a'x#@fdu1OV1o}g5_3JHiZipM.bZ%GF/3qJo%gN*})3N%!q*^Im~6#~+

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=o&oit=1&cp=1&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=oc&oit=1&cp=2&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octo&oit=1&cp=4&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octop&oit=1&cp=5&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopu&oit=1&cp=6&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopus&oit=1&cp=7&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspr&oit=1&cp=9&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro&oit=1&cp=10&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.&oit=1&cp=11&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.li&oit=3&cp=13&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.life&oit=3&cp=15&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.life%2F&oit=3&cp=16&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.life%2F%23&oit=3&cp=17&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/vant.bf6013a5.css HTTP/1.1Host: octopuspro.lifeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/index.523307d0.css HTTP/1.1Host: octopuspro.lifeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/index.b0a3a26f.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/@vue.d3b2b407.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/@vant.378c9e84.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/vant.9dc2feea.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/has-symbols.456daba2.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/has-proto.4a87f140.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/function-bind.72d06d3b.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/has.851ffceb.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/get-intrinsic.1f7927fd.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/call-bind.218c9af5.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/crypto-js.71120912.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/pinia.d3ba3a69.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/pinia-plugin-persistedstate.35ef556e.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/uuid.5e712abb.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/vue-router.6cf43cf2.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/@intlify.d5940eca.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/vue-i18n.69c8aa1d.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /config.js?1743013111137 HTTP/1.1Host: octopuspro.lifeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: octopuspro.lifeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1
Source: global traffic	HTTP traffic detected: GET /assets/js/@vue.d3b2b407.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /assets/js/@vant.378c9e84.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /assets/js/vant.9dc2feea.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /assets/js/has-symbols.456daba2.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /assets/js/has-proto.4a87f140.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /assets/js/function-bind.72d06d3b.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCPyDywEIk6HLAQiJo8sBCIWgzQEI/qXOAQjGzc4BCJjgzgEIruTOAQji5M4BCIvlzgEI4uXOARjg4s4BGKfmzgE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCPyDywEIk6HLAQiJo8sBCIWgzQEI/qXOAQjGzc4BCJjgzgEIruTOAQji5M4BCIvlzgEI4uXOARjg4s4BGKfmzgE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCPyDywEIk6HLAQiJo8sBCIWgzQEI/qXOAQjGzc4BCJjgzgEIruTOAQji5M4BCIvlzgEI4uXOARjg4s4BGKfmzgE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.24R2mrw_td8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9vR1rNwOjC3PXOxUlyKiCwNBv2Fg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCPyDywEIk6HLAQiJo8sBCIWgzQEY4OLOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1Host: ciscobinary.openh264.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 00000009.00000003.2014745126.0000020C454E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.2015943236.0000020C3C854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2151866707.0000020C45077000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2290670997.0000020C45078000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.1834522781.0000020C4B7E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2151866707.0000020C45077000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2060480679.0000020C47DC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2290670997.0000020C45078000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["www.facebook.com","facebook.com"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["www.youtube.com","youtube.com"] equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: addImpression/groupsWithFrequency<sendPBNewTabMessage/</<.messages<{087ef4e1-4286-4be6-9aa3-8d6c420ee1db}in handleMessageRequest, arguments = browser.promo.cookiebanners.enabledloadMessagesForProvider/messages<impression added, impressions[item.id]: _updateMessageProviders/providers<registerBadgeNotificationListener_updateMessageProviders/providerIDs<{a50d61ca-d27b-437a-8b52-5fd801a0a88b}{4170faaa-ee87-4a0e-b57a-1aec49282887}_removePreviewEndpoint/state.providers<_isBelowItemFrequencyCap/impressionsInPeriod<{9c63d15c-b4d9-43bd-b223-37f0a1f22e2a}loadMessagesFromAllProviders/messages<isBelowFrequencyCaps/_belowGroupFrequencyCaps<entering addScreenImpression for loadMessagesForProvider/<.messages<_resetInitialization/this.waitForInitialized<_updateMessageProviders/</<.messages<_cleanupImpressionsForItems/</impressions[id]< is not in the list of allowed hosts.forcePBWindow/privateBrowserOpener<{bb1b80be-e6b3-40a1-9b6e-9d4073343f0b}blockMessageById called, idOrIds = https://www.mozilla.org/anything/?getTargetingParameters/resolve/promises<forceAttribution/attributionData<{8cda9ce6-7893-4f47-ac70-a65215cec288}{a79fafce-8da6-4685-923f-7ba1015b8748})loadMessagesFromAllProviders/needsUpdate<cfr-doorhanger-extension-ok-button{b384b75c-c978-4c4d-b3cf-62a82d8f8f12}{dac8a935-4775-4918-9205-5c0600087dc4}]\|mapToProperty('host'))\|length > 0{8a802b5a-eeab-11e2-a41d-b0096288709b}{dc8f61ab-5e98-4027-98ef-bb2ff6060d71}jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack{3923146e-98cb-472b-9c13-f6849d34d6b8}cfr-doorhanger-extension-cancel-buttonEnhancer for YouTube"!chrome://global/skin/icons/security.svgcfr-doorhanger-doh-primary-button-2cfr-doorhanger-feature-notificationtracking-protection-icon-containercfr-doorhanger-milestone-heading2{09e26ae9-e9c1-477c-80a6-99934212f2fe}cfr-doorhanger-milestone-close-buttonchrome://global/skin/icons/search-glass.svg{e20e0de5-1667-4df4-bd69-705720e37391}cfr-doorhanger-milestone-ok-buttoncfr-doorhanger-doh-secondary-button{ebf47fc8-01d8-4dba-aa04-2118402f4b20}jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpackenhancerforyoutube@maximerf.addons.mozilla.org{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}{5737a280-b359-4e26-95b0-adec5915a854}WIKIPEDIA_CONTEXT_MENU_SEARCH_PARAMScfr-doorhanger-extension-sumo-linkcfr-doorhanger-extension-manage-settings-button intersect topFrecentSites[.frecency >= {1cf918d2-f4ea-4b4f-b34e-455283fef19f}cfr-doorhanger-extension-notification2default-browser-notification-messagedefault-browser-notification-button["www.youtube.com","youtube.com"]resource://gre/modules/XPCOMUtils.sys.mjsresource://gre/modules/AppConstants.sys.mjs["www.wikipedia.org","wikipedia.org"]resource://nimbus/ExperimentAPI.sys.mjsresource:///modules/ShellService.sys.mjs["www.facebook.com","facebook.com"]services.sync.clients.devices.mobileresource://gre/modules/BrowserUtils.sys.mjsbrowser.startup.upgradeDialog.pinPBM.disabledetp-promotions?as=u&utm_source=inproductchrome://browser/content/cfr-lightning.svgchrome://browser/content/cfr-lightning-dark.svgmr2022-onboard
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: addImpression/groupsWithFrequency<sendPBNewTabMessage/</<.messages<{087ef4e1-4286-4be6-9aa3-8d6c420ee1db}in handleMessageRequest, arguments = browser.promo.cookiebanners.enabledloadMessagesForProvider/messages<impression added, impressions[item.id]: _updateMessageProviders/providers<registerBadgeNotificationListener_updateMessageProviders/providerIDs<{a50d61ca-d27b-437a-8b52-5fd801a0a88b}{4170faaa-ee87-4a0e-b57a-1aec49282887}_removePreviewEndpoint/state.providers<_isBelowItemFrequencyCap/impressionsInPeriod<{9c63d15c-b4d9-43bd-b223-37f0a1f22e2a}loadMessagesFromAllProviders/messages<isBelowFrequencyCaps/_belowGroupFrequencyCaps<entering addScreenImpression for loadMessagesForProvider/<.messages<_resetInitialization/this.waitForInitialized<_updateMessageProviders/</<.messages<_cleanupImpressionsForItems/</impressions[id]< is not in the list of allowed hosts.forcePBWindow/privateBrowserOpener<{bb1b80be-e6b3-40a1-9b6e-9d4073343f0b}blockMessageById called, idOrIds = https://www.mozilla.org/anything/?getTargetingParameters/resolve/promises<forceAttribution/attributionData<{8cda9ce6-7893-4f47-ac70-a65215cec288}{a79fafce-8da6-4685-923f-7ba1015b8748})loadMessagesFromAllProviders/needsUpdate<cfr-doorhanger-extension-ok-button{b384b75c-c978-4c4d-b3cf-62a82d8f8f12}{dac8a935-4775-4918-9205-5c0600087dc4}]\|mapToProperty('host'))\|length > 0{8a802b5a-eeab-11e2-a41d-b0096288709b}{dc8f61ab-5e98-4027-98ef-bb2ff6060d71}jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack{3923146e-98cb-472b-9c13-f6849d34d6b8}cfr-doorhanger-extension-cancel-buttonEnhancer for YouTube"!chrome://global/skin/icons/security.svgcfr-doorhanger-doh-primary-button-2cfr-doorhanger-feature-notificationtracking-protection-icon-containercfr-doorhanger-milestone-heading2{09e26ae9-e9c1-477c-80a6-99934212f2fe}cfr-doorhanger-milestone-close-buttonchrome://global/skin/icons/search-glass.svg{e20e0de5-1667-4df4-bd69-705720e37391}cfr-doorhanger-milestone-ok-buttoncfr-doorhanger-doh-secondary-button{ebf47fc8-01d8-4dba-aa04-2118402f4b20}jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpackenhancerforyoutube@maximerf.addons.mozilla.org{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}{5737a280-b359-4e26-95b0-adec5915a854}WIKIPEDIA_CONTEXT_MENU_SEARCH_PARAMScfr-doorhanger-extension-sumo-linkcfr-doorhanger-extension-manage-settings-button intersect topFrecentSites[.frecency >= {1cf918d2-f4ea-4b4f-b34e-455283fef19f}cfr-doorhanger-extension-notification2default-browser-notification-messagedefault-browser-notification-button["www.youtube.com","youtube.com"]resource://gre/modules/XPCOMUtils.sys.mjsresource://gre/modules/AppConstants.sys.mjs["www.wikipedia.org","wikipedia.org"]resource://nimbus/ExperimentAPI.sys.mjsresource:///modules/ShellService.sys.mjs["www.facebook.com","facebook.com"]services.sync.clients.devices.mobileresource://gre/modules/BrowserUtils.sys.mjsbrowser.startup.upgradeDialog.pinPBM.disabledetp-promotions?as=u&utm_source=inproductchrome://browser/content/cfr-lightning.svgchrome://browser/content/cfr-lightning-dark.svgmr2022-onboard
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/Z equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.1834522781.0000020C4B7E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A420A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A420A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A420A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2015943236.0000020C3C854000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2172577799.0000020C3DDDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://2cc91266-7e73-453a-a128-14ace4899d8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2151866707.0000020C45077000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2072372795.0000020C3A780000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.2072257784.0000020C3A7CC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2076031962.0000020C3A7CD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2088961251.0000020C3A7CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.comLMEM( equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.2085814193.0000020C3A782000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2072372795.0000020C3A780000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2064484234.0000020C45069000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: octopuspro.life
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: shavar.prod.mozaws.net
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy.tombstone.experimenter.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: o.pki.goog
Source: global traffic	DNS traffic detected: DNS query: pki-goog.l.google.com
Source: global traffic	DNS traffic detected: DNS query: a19.dscg10.akamai.net
Source: global traffic	DNS traffic detected: DNS query: api.toivaex.site
Source: global traffic	DNS traffic detected: DNS query: ogads-pa.clients6.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=rc7oWztc7Q%2FI9SX4jJCq4XQJZG5Vjysos8WuYivkf1lqWtNBCNG9jWWyvEm5jqt9VffPHfEl9w8UqNO9KkX%2BEzpeSdUBvqlCNqR%2BsVzdgcdM7nj8Uxn58Jp5NY7gypYfYvI%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 420Content-Type: application/reports+jsonOrigin: https://octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 18:18:33 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rc7oWztc7Q%2FI9SX4jJCq4XQJZG5Vjysos8WuYivkf1lqWtNBCNG9jWWyvEm5jqt9VffPHfEl9w8UqNO9KkX%2BEzpeSdUBvqlCNqR%2BsVzdgcdM7nj8Uxn58Jp5NY7gypYfYvI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9268a6b838fd19b6-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=90878&min_rtt=89987&rtt_var=19899&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1165&delivery_rate=33957&cwnd=252&unsent_bytes=0&cid=eec68b5ead4747a8&ts=266&x=0"

Source: firefox.exe, 00000009.00000003.2164697736.0000020C3E863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2219667036.0000020C4AA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2354594869.0000020C3E863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: cert9.db.9.dr	String found in binary or memory: http://c.pki.goog/r/r4.crl0
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.d
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssureM
Source: firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000009.00000003.2076031962.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2040057147.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2069317454.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000009.00000003.2101689356.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microso
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000009.00000003.2076031962.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2040057147.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2069317454.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-=
Source: firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000009.00000003.2353165330.0000020C433C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2056906923.0000020C4A832000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2221638943.0000020C47D49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2041919474.0000020C4C0C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2060480679.0000020C47D43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2058505926.0000020C4A81E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000009.00000003.2158273224.0000020C47CBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2171952493.0000020C3DDE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2180794849.0000020C3D1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000009.00000003.2076156379.0000020C4B94A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000009.00000003.2262808907.0000020C3E838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: cert9.db.9.dr	String found in binary or memory: http://i.pki.goog/r4.crt0
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2339156922.00000BB562B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/0#
Source: firefox.exe, 00000009.00000003.2339156922.00000BB562B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/6
Source: firefox.exe, 00000009.00000003.2225540386.0000020C3DDC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1880631189.0000020C3B45A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1921335695.0000020C3C80B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2037931648.0000020C4B672000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1792492544.0000020C3B91B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2164697736.0000020C3E863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1784522447.0000020C3B8D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1872258851.0000020C3C889000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2046232785.0000020C4B7E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1757677409.0000020C3B5D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2159923578.0000020C47C36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1853019353.0000020C44F64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1880243347.0000020C3B46B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2178653493.0000020C3D20A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2222518122.0000020C47C37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1785884705.0000020C44FF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1880243347.0000020C3B476000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2262564950.0000020C3E881000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1998122681.0000020C3802A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1837883964.0000020C3B4C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2339156922.00000BB562B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/Z
Source: firefox.exe, 00000009.00000003.2339156922.00000BB562B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/b
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000009.00000003.2076031962.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2040057147.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2069317454.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: chromecache_284.1.dr	String found in binary or memory: http://www.broofa.com
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/5
Source: firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 00000009.00000003.2092668620.0000020C31ABA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: firefox.exe, 00000009.00000003.2092668620.0000020C31AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000009.00000003.2047815011.0000020C4B7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2181809025.0000020C3D176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1782938016.0000020C3CB87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2283549791.0000020C4B7BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1783796584.0000020C3CADC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: mozilla-temp-41.9.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000009.00000003.2350610253.0000020C4A8DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000009.00000003.2052844897.0000020C4B98E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000009.00000003.2136742971.0000020C4C14D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: chromecache_283.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_283.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: firefox.exe, 00000009.00000003.2168647356.0000020C3E836000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/mr2022-onboarding-set-default-primary-
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/fluent:about-private-browsing-focus-prom
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/This
Source: firefox.exe, 00000009.00000003.2223698927.0000020C44D51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.comZ
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: chromecache_282.1.dr	String found in binary or memory: https://api.toivaex.site
Source: chromecache_284.1.dr, chromecache_283.1.dr	String found in binary or memory: https://apis.google.com
Source: firefox.exe, 00000009.00000003.1816084626.0000020C4A877000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000009.00000003.1816084626.0000020C4A877000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: chromecache_282.1.dr	String found in binary or memory: https://app.vskefu.com
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000009.00000003.2142744470.0000020C4B30F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2147624831.0000020C478CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2258540104.0000020C478CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000009.00000003.2142744470.0000020C4B30F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000009.00000003.2293497157.0000020C447C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2340448301.0000020C447C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2352163185.0000020C447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2352959644.0000020C433EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000009.00000003.2293497157.0000020C447C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2340448301.0000020C447C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2352163185.0000020C447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2352959644.0000020C433EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: firefox.exe, 00000009.00000003.2251822632.0000020C4BA8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2256639340.0000020C4AAB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2055994759.0000020C4AAB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696586146862.12791&key=1696586146400600
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696586146862.12791&key=1696586146400600000.1&cta
Source: firefox.exe, 00000009.00000003.2053567266.0000020C4B747000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2050289239.0000020C4BB63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000009.00000003.2014810292.0000020C3C852000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2014129847.0000020C3D39D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 00000009.00000003.2014810292.0000020C3C852000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 00000009.00000003.2012598298.0000020C3B33D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000009.00000003.2014129847.0000020C3D39D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 00000009.00000003.2014810292.0000020C3C852000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 00000009.00000003.1782643944.0000020C4506D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075resource:///modules/sessionstore/SessionStore.sy
Source: firefox.exe, 00000009.00000003.1782643944.0000020C4506D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464resource://activity-stream/common/ActorConstants
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000009.00000003.1782643944.0000020C4506D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739experimental-features-cookie-samesite-none-requi
Source: firefox.exe, 00000009.00000003.2014810292.0000020C3C852000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2014317196.0000020C4B656000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000009.00000003.2011153994.0000020C4B6E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678942
Source: firefox.exe, 00000009.00000003.1921335695.0000020C3C80B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 00000009.00000003.2015081454.0000020C3B33D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 00000009.00000003.2012648033.0000020C44F45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 00000009.00000003.2011272483.0000020C4B6DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=806991
Source: firefox.exe, 00000009.00000003.2014269128.0000020C4B6E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: chromecache_283.1.dr	String found in binary or memory: https://clients6.google.com
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000009.00000003.2352959644.0000020C433EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: chromecache_283.1.dr	String found in binary or memory: https://content.googleapis.com
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000009.00000003.2260147449.0000020C4503A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000009.00000003.1816084626.0000020C4A877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2354594869.0000020C3E874000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1781214756.0000020C450C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000009.00000003.2014745126.0000020C454E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2052844897.0000020C4B99B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: firefox.exe, 00000009.00000003.2147624831.0000020C478EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 00000009.00000003.1880631189.0000020C3B453000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000009.00000003.1786170696.0000020C44FD3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: chromecache_283.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1784522447.0000020C3B8D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2223698927.0000020C44D99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2114142059.0000020C382F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1876921815.0000020C382EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1872595693.0000020C3C84E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1920211618.0000020C382EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1996263236.0000020C382F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000009.00000003.1820281604.0000020C4AFE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1811569977.0000020C4AFF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000009.00000003.1814851460.0000020C4B885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1811569977.0000020C4AFF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47C9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2158521765.0000020C47CA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000009.00000003.2256835561.0000020C482AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: chromecache_284.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_284.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_284.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_284.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000009.00000003.1785884705.0000020C44FF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000009.00000003.1785884705.0000020C44FF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000009.00000003.1834268016.0000020C4B95A000.00000004.00000800.00020000.00000000.sdmp, chromecache_286.1.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 00000009.00000003.1782643944.0000020C4506D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.mdCSSResult
Source: firefox.exe, 00000009.00000003.1782643944.0000020C4506D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650devtools-serviceworker-debugger-supportbrowser-shutdo
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000009.00000003.2012816981.0000020C44F33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000009.00000003.2161800187.0000020C444CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 00000009.00000003.1911168985.0000020C4C03D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000009.00000003.2161800187.0000020C444CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 00000009.00000003.2161800187.0000020C444CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 00000009.00000003.2161800187.0000020C444CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 00000009.00000003.2161800187.0000020C444CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: prefs-1.js.9.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CLmfC2m4pbW4QbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000009.00000003.2172849643.0000020C3D4D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2151866707.0000020C450A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2064484234.0000020C450A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: pingsender.exe, 00000011.00000003.2491831290.000001F2756C9000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000011.00000003.2485270722.000001F2756BE000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000011.00000002.2507338545.000001F2756C8000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000011.00000002.2500012178.000001F27567D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/
Source: pingsender.exe, 00000011.00000002.2500012178.000001F27567D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/O
Source: pingsender.exe, 00000011.00000002.2500012178.000001F27567D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/emetry.mozilla.org/a/o
Source: firefox.exe, 00000009.00000003.2225540386.0000020C3DDA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2510173009.00000208A4D08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000009.00000003.2060480679.0000020C47D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/activity-stream/sessions/1/a6defceb-d773-4814-8b46-897
Source: firefox.exe, 00000009.00000003.2177295249.0000020C3D2F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/ef2a241e-db57-4556-96cf-d5c0d
Source: firefox.exe, 00000009.00000003.2354594869.0000020C3E874000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/27acd6f2-d312-40b4-9798-bbc8
Source: firefox.exe, 00000009.00000003.2294637225.0000020C4475A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/a109723b-26d6-405d-ab65-9e32a
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2060480679.0000020C47D90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2158521765.0000020C47C8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/132d4f2f-cfd2-473c
Source: firefox.exe, 00000009.00000003.2257793597.0000020C47D91000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2060480679.0000020C47D90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2158521765.0000020C47C8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/e3951473-f042-4512
Source: pingsender.exe, 00000011.00000002.2500012178.000001F275620000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518/event/F
Source: pingsender.exe, 00000011.00000002.2500012178.000001F275620000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/970d38ae-b14f-4cc8-871c-bb8eff755a95/main/Fi
Source: pingsender.exe, 00000011.00000002.2500012178.000001F275620000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/e7dcf197-dc75-436a-ac46-e67a20be54ed/health/
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submitiu
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C57C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2159923578.0000020C47C45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000009.00000003.1786170696.0000020C44FD3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000009.00000003.2350187821.0000020C4BB11000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2064484234.0000020C45057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000009.00000003.2014745126.0000020C454E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2052844897.0000020C4B99B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2062494796.0000020C47CDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2080994727.0000020C47CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A4281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C8F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000009.00000003.1872258851.0000020C3C89B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mochitest.youtube.com/
Source: firefox.exe, 00000009.00000003.2223698927.0000020C44D7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000009.00000003.2140846085.0000020C4B708000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://octopuspro.life
Source: firefox.exe, 00000009.00000003.2052844897.0000020C4B9AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://octopuspro.life/
Source: firefox.exe, 00000009.00000003.2262808907.0000020C3E838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2354594869.0000020C3E84D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://octopuspro.life/#/login
Source: firefox.exe, 00000009.00000003.2159923578.0000020C47C25000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://octopuspro.life/#/loginfterupdate_triggermoz_openpages_tempCREATE
Source: recovery.jsonlz4.tmp.9.dr, sessionstore.jsonlz4.tmp.9.dr	String found in binary or memory: https://octopuspro.life/#/loginr
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: chromecache_284.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000009.00000003.1872258851.0000020C3C89B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/page/
Source: firefox.exe, 00000009.00000003.1872258851.0000020C3C89B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/player/
Source: chromecache_283.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_283.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000009.00000003.2223698927.0000020C44D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 00000009.00000003.2223698927.0000020C44D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://push.services.mozilla.com/
Source: chromecache_282.1.dr	String found in binary or memory: https://qb.toivaex2.online
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000009.00000003.2219667036.0000020C4AA5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000009.00000003.2054768144.0000020C4B31B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000009.00000003.2219667036.0000020C4AA5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000009.00000003.2219667036.0000020C4AA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2220972742.0000020C47D6F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000009.00000003.1880631189.0000020C3B453000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2162364912.0000020C433EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000009.00000003.2251822632.0000020C4BA8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000009.00000003.2048421679.0000020C4B3E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000009.00000003.1785085452.0000020C3B7F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000009.00000003.1785085452.0000020C3B7F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2497134956.00000208A4212000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/Error:
Source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2169300879.0000020C3E795000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2355658144.0000020C3E7F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2510173009.00000208A4D08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user;
Source: firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000009.00000003.2367234258.0000020C4B2DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2157452326.0000020C47D31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000009.00000003.2146201767.0000020C48230000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000009.00000003.2255882167.0000020C4B7DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000009.00000003.2255882167.0000020C4B7DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/extension-permissions
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45266000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 00000009.00000003.1910679867.0000020C4C0AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2055994759.0000020C4AAB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2352959644.0000020C433EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000009.00000003.2173523099.0000020C3D4C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.BoEX37k-iQhx
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000009.00000003.2223698927.0000020C44D7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000009.00000003.2053435029.0000020C4B985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000009.00000003.2347188127.0000020C444EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: chromecache_283.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_1489ebcc3648faa1d485bf99fe44320523fb3b015627dc7b
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/Z
Source: firefox.exe, 00000009.00000003.1785085452.0000020C3B7F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1872595693.0000020C3C84E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2140846085.0000020C4B708000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1786375824.0000020C44FA6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/searchf59fddbc-580b-4672-9cda-32941ceec730OffscreenCanvasRenderingCo
Source: firefox.exe, 00000009.00000003.1785085452.0000020C3B7F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1872595693.0000020C3C84E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2140846085.0000020C4B708000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000009.00000003.2139391096.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: chromecache_283.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_283.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: chromecache_284.1.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_284.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_284.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: firefox.exe, 00000009.00000003.1872258851.0000020C3C89B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hulu.com/watch/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000009.00000003.1872258851.0000020C3C89B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000009.00000003.2140846085.0000020C4B708000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 00000009.00000003.2367234258.0000020C4B2DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1815679447.0000020C4A8F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2157452326.0000020C47D31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2283549791.0000020C4B7D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000009.00000003.2037931648.0000020C4B672000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1816084626.0000020C4A8CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bKxBjSHff0w5
Source: firefox.exe, 00000009.00000003.1814851460.0000020C4B885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1811569977.0000020C4AFF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1816084626.0000020C4A877000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?getTargetingParameters/resolve/promises
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.0qLVhD3otCFX
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45266000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 00000009.00000003.2342910324.00003116E7503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2354594869.0000020C3E84D000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.9.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45266000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000009.00000003.1816084626.0000020C4A877000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2347188127.0000020C444EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/Z
Source: firefox.exe, 00000009.00000003.2053435029.0000020C4B985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sling.com/
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 00000009.00000003.2011003691.0000020C3800E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2151866707.0000020C4507A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2290670997.0000020C45078000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000009.00000003.1834522781.0000020C4B7E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2497134956.00000208A420A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/Z
Source: firefox.exe, 00000009.00000003.2347188127.0000020C444EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.148.94:443 -> 192.168.2.18:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.18:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.18:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.18:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.18:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.18:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50089 version: TLS 1.2

Source: classification engine

Classification label: sus21.spyw.win@71/121@108/21

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5404:120:WilError_03

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Temp\firefox

Jump to behavior

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Program Files\Mozilla Firefox\pingsender.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: firefox.exe, 00000009.00000003.2136742971.0000020C4C14D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: firefox.exe, 00000009.00000003.2160796202.0000020C45537000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE moz_places SET foreign_count = foreign_count + 1 WHERE id = NEW.place_id;

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,16098732947600895815,880820879046812207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2240 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5e94b11-9dd0-4c60-bb90-7df78882f2ae} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c2ad6b310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3756 -parentBuildID 20230927232528 -prefsHandle 880 -prefMapHandle 3340 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aa24571-b623-4e3f-95a2-0521d45f35d7} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c2ad42610 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5852 -prefMapHandle 5836 -prefsLen 33172 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b9a0c8d-7ce1-4611-88d1-9ec4307d250f} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c4ba9e510 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\pingsender.exe "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518/event/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518 https://incoming.telemetry.mozilla.org/submit/telemetry/e7dcf197-dc75-436a-ac46-e67a20be54ed/health/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\e7dcf197-dc75-436a-ac46-e67a20be54ed https://incoming.telemetry.mozilla.org/submit/telemetry/970d38ae-b14f-4cc8-871c-bb8eff755a95/main/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\970d38ae-b14f-4cc8-871c-bb8eff755a95
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2100,i,16554877912255492363,11986247822077278540,262144 --variations-seed-version=20250326-050103.627000 --mojo-platform-channel-handle=2148 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,16098732947600895815,880820879046812207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5852 -prefMapHandle 5836 -prefsLen 33172 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b9a0c8d-7ce1-4611-88d1-9ec4307d250f} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c4ba9e510 utility	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2240 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5e94b11-9dd0-4c60-bb90-7df78882f2ae} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c2ad6b310 socket	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3756 -parentBuildID 20230927232528 -prefsHandle 880 -prefMapHandle 3340 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aa24571-b623-4e3f-95a2-0521d45f35d7} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c2ad42610 rdd	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5852 -prefMapHandle 5836 -prefsLen 33172 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b9a0c8d-7ce1-4611-88d1-9ec4307d250f} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c4ba9e510 utility	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\pingsender.exe "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518/event/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518 https://incoming.telemetry.mozilla.org/submit/telemetry/e7dcf197-dc75-436a-ac46-e67a20be54ed/health/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\e7dcf197-dc75-436a-ac46-e67a20be54ed https://incoming.telemetry.mozilla.org/submit/telemetry/970d38ae-b14f-4cc8-871c-bb8eff755a95/main/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\970d38ae-b14f-4cc8-871c-bb8eff755a95	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2100,i,16554877912255492363,11986247822077278540,262144 --variations-seed-version=20250326-050103.627000 --mojo-platform-channel-handle=2148 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Program Files\Mozilla Firefox\pingsender.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: UxTheme.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 00000009.00000003.2065646598.0000020C447AD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdbGCTL source: firefox.exe, 00000009.00000003.2111422392.0000020C3A7E0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdb source: firefox.exe, 00000009.00000003.2106660882.0000020C3A7D6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2111422392.0000020C3A7E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2094405830.0000020C3A7E3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2088961251.0000020C3A7CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdbHu source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb0 source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 00000009.00000003.2065646598.0000020C447AD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: webauthn.pdbGCTL source: firefox.exe, 00000009.00000003.2092188922.0000020C4FD01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dcomp.pdb source: firefox.exe, 00000009.00000003.2054410541.0000020C4B724000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8audioses.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8netutils.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: cryptsp.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8softokn3.pdb source: firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8rasadhlp.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8taskschd.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2062494796.0000020C47CF1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntmarta.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000009.00000003.2094405830.0000020C3A7E3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2088961251.0000020C3A7CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: userenv.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8fwpuclnt.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: devobj.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dwmapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: firefox.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: webauthn.pdb source: firefox.exe, 00000009.00000003.2092188922.0000020C4FD01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8ExplorerFrame.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.9.dr
Source:	Binary string: winmm.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mscms.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: twinapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.9.dr
Source:	Binary string: combase.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8iertutil.pdb source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000009.00000003.2106660882.0000020C3A7D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdbV source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dxgi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8linkinfo.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8powrprof.pdb source: firefox.exe, 00000009.00000003.2082807131.0000020C45299000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: edputil.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8MMDevAPI.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp

PE file contains sections with non-standard names

Source: gmpopenh264.dll.tmp.9.dr

Static PE information: section name: .rodata

Drops PE files

Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp			Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)			Jump to dropped file

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: pingsender.exe, 00000011.00000002.2500012178.000001F27562A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: firefox.exe, 0000000A.00000002.2500524967.0000013FEBD00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%
Source: firefox.exe, 0000000A.00000002.2490927450.0000013FEB66A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2500524967.0000013FEBD00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2506733593.00000208A4780000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2476242221.0000027B138CA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2482736644.0000027B13DA0000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000011.00000002.2500012178.000001F27567D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000B.00000002.2506733593.00000208A4780000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
Source: firefox.exe, 0000000A.00000002.2500524967.0000013FEBD00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
Source: firefox.exe, 0000000B.00000002.2506733593.00000208A4780000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
Source: firefox.exe, 0000000A.00000002.2500524967.0000013FEBD00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW?
Source: firefox.exe, 0000000B.00000002.2492022598.00000208A3EFA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@
Source: firefox.exe, 0000000A.00000002.2500524967.0000013FEBD00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2506733593.00000208A4780000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Program Files\Mozilla Firefox\pingsender.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\970d38ae-b14f-4cc8-871c-bb8eff755a95	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\e7dcf197-dc75-436a-ac46-e67a20be54ed	Jump to behavior

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.148.94	octopuspro.life	United States	13335	CLOUDFLARENETUS	false
151.101.1.91	services.addons.mozilla.org	United States	54113	FASTLYUS	false
142.251.40.228	www.google.com	United States	15169	GOOGLEUS	false
142.251.40.206	plus.l.google.com	United States	15169	GOOGLEUS	false
44.240.131.83	shavar.prod.mozaws.net	United States	16509	AMAZON-02US	false
104.21.29.43	unknown	United States	13335	CLOUDFLARENETUS	false
34.49.51.44	normandy.tombstone.experimenter.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
23.199.55.56	a19.dscg10.akamai.net	United States	20940	AKAMAI-ASN1EU	false
172.64.80.1	api.toivaex.site	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
34.107.243.93	push.services.mozilla.com	United States	15169	GOOGLEUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
142.251.40.138	ogads-pa.clients6.google.com	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
142.251.41.3	pki-goog.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.18
127.0.0.1

Contacted Domains

Name	IP	Active
example.org	23.215.0.133	true
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true
services.addons.mozilla.org	151.101.1.91	true
contile.services.mozilla.com	34.117.188.166	true
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true
a19.dscg10.akamai.net	23.199.55.56	true
ogads-pa.clients6.google.com	142.251.40.138	true
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true
ipv4only.arpa	192.0.0.171	true
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true
push.services.mozilla.com	34.107.243.93	true
www.google.com	142.251.40.228	true
normandy.tombstone.experimenter.prod.webservices.mozgcp.net	34.49.51.44	true
api.toivaex.site	172.64.80.1	true
star-mini.c10r.facebook.com	57.144.180.1	true
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true
twitter.com	172.66.0.227	true
a.nel.cloudflare.com	35.190.80.1	true
shavar.prod.mozaws.net	44.240.131.83	true
plus.l.google.com	142.251.40.206	true
octopuspro.life	172.67.148.94	true
dyna.wikimedia.org	208.80.154.224	true
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true
pki-goog.l.google.com	142.251.41.3	true
youtube-ui.l.google.com	142.251.40.206	true
reddit.map.fastly.net	199.232.89.140	true
play.google.com	142.251.40.174	true
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true
www.reddit.com	unknown	unknown
spocs.getpocket.com	unknown	unknown
content-signature-2.cdn.mozilla.net	unknown	unknown
support.mozilla.org	unknown	unknown
firefox.settings.services.mozilla.com	unknown	unknown
www.youtube.com	unknown	unknown
www.facebook.com	unknown	unknown
detectportal.firefox.com	unknown	unknown
normandy.cdn.mozilla.net	unknown	unknown
o.pki.goog	unknown	unknown
shavar.services.mozilla.com	unknown	unknown
apis.google.com	unknown	unknown
www.wikipedia.org	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.life&oit=3&cp=15&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopu&oit=1&cp=6&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=oc&oit=1&cp=2&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octo&oit=1&cp=4&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.li&oit=3&cp=13&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high
https://octopuspro.life/assets/js/index.b0a3a26f.js	false	Avira URL Cloud: safe	unknown
https://octopuspro.life/assets/js/@vue.d3b2b407.js	false	Avira URL Cloud: safe	unknown
https://octopuspro.life/assets/js/get-intrinsic.1f7927fd.js	false	Avira URL Cloud: safe	unknown
https://octopuspro.life/assets/js/has-proto.4a87f140.js	false	Avira URL Cloud: safe	unknown
https://octopuspro.life/assets/js/crypto-js.71120912.js	false	Avira URL Cloud: safe	unknown
https://octopuspro.life/assets/js/has.851ffceb.js	false	Avira URL Cloud: safe	unknown
https://octopuspro.life/favicon.ico	false	Avira URL Cloud: safe	unknown
https://octopuspro.life/assets/js/call-bind.218c9af5.js	false	Avira URL Cloud: safe	unknown
https://octopuspro.life/assets/js/@vant.378c9e84.js	false	Avira URL Cloud: safe	unknown
https://octopuspro.life/assets/js/vue-router.6cf43cf2.js	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_8ff37a20-0409-49a4-ae03-98b2291acb8a.json (copy)	JSON data	05A9FC42DA17E1BDDED55E0408DE3ECB	1F4B22101FDD75C824BBB931D2A578044A3689D8	3CAAB955E88E0017B2ECBF5ACF186CECBE9412F4E6A44A6F14A71143C465CD1C
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_8ff37a20-0409-49a4-ae03-98b2291acb8a.json.tmp	JSON data	05A9FC42DA17E1BDDED55E0408DE3ECB	1F4B22101FDD75C824BBB931D2A578044A3689D8	3CAAB955E88E0017B2ECBF5ACF186CECBE9412F4E6A44A6F14A71143C465CD1C
C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]	D910AD167F0217587501FDCDB33CC544	2F57441CEFDC781011B53C1C5D29AC54835AFC1D	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
C:\Users\user\AppData\Local\Temp\tmpaddon	Zip archive data, at least v2.0 to extract, compression method=deflate	85430BAED3398695717B0263807CF97C	FFFBEE923CEA216F50FCE5D54219A188A5100F41	A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\AlternateServices-1.txt	ASCII text	01EB914EEFABE7BB33336BDBA60C87FA	9FFFD7E964D327BF852C7FFBD41D78C8E391B4E1	FF975881BE44D97CC40FF10184FBDBB6F699D335A7F5E6663326C4905B3557E0
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\AlternateServices.txt (copy)	ASCII text	01EB914EEFABE7BB33336BDBA60C87FA	9FFFD7E964D327BF852C7FFBD41D78C8E391B4E1	FF975881BE44D97CC40FF10184FBDBB6F699D335A7F5E6663326C4905B3557E0
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\ExperimentStoreData.json (copy)	JSON data	AB8C78F5F8F4D7DCE9FD80276006C165	FE63B219353F1E32CB33E04ED627EA6D492A24DE	A2D2ACDAE8B5E106944BC64BFF9BC9A29EC8D3D4BE409C260FA21D836C7BFC94
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\ExperimentStoreData.json.tmp	JSON data	AB8C78F5F8F4D7DCE9FD80276006C165	FE63B219353F1E32CB33E04ED627EA6D492A24DE	A2D2ACDAE8B5E106944BC64BFF9BC9A29EC8D3D4BE409C260FA21D836C7BFC94
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\SiteSecurityServiceState-1.txt	CSV text	42CAD744DBCE207397A5AE64314D213D	7BBB16E23CEB664A6F842E13CEDDE46EF512A5DC	08674458B59F3401B66618CE5ACBE513E4C2BE13B10DF74B91A785926A052251
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\SiteSecurityServiceState.txt (copy)	CSV text	42CAD744DBCE207397A5AE64314D213D	7BBB16E23CEB664A6F842E13CEDDE46EF512A5DC	08674458B59F3401B66618CE5ACBE513E4C2BE13B10DF74B91A785926A052251
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\addonStartup.json.lz4 (copy)	Mozilla lz4 compressed data, originally 22422 bytes	EB56C2F4DA9435F3D5574161F414CD17	74A8FC3EC0559740FD9D835B638354985E2DEAB6	394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\addonStartup.json.lz4.tmp	Mozilla lz4 compressed data, originally 22422 bytes	EB56C2F4DA9435F3D5574161F414CD17	74A8FC3EC0559740FD9D835B638354985E2DEAB6	394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\addons.json (copy)	JSON data	3088F0272D29FAA42ED452C5E8120B08	C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23	D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\addons.json.tmp	JSON data	3088F0272D29FAA42ED452C5E8120B08	C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23	D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\cert9.db	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 8, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 8	7BA04A18063B876154B53B6DFE140BF8	0DF03516953950A27F69D8C56C8A0EA96FAF8163	6BF371CFD2CE335117FEEBEE866ADD5A339F295C6BBB2BDB10DDE563CAAF8D12
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\cert9.db-journal	SQLite Rollback Journal	8C208D5FB3E71EDDDCEFAFAC579668A2	379666E0EEE14136B375145AB59BBA71DC0C5E03	20E637E40E17BD6134FF4B95CC1887FCB0BFF1234CFA8702D72C5BDB79CE37A5
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\cert_override-1.txt	ASCII text, with CRLF line terminators	12BF35644B8A7DA13A0A58ACBCDF412F	D0B021EC339395BF2A12EDE8A08DE9F7638FF509	8A5AF3C7D255B4726CF1B1A53E13E5314995DDF24ED874C6F220961FFA40E638
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\cert_override.txt	ASCII text, with CRLF line terminators	12BF35644B8A7DA13A0A58ACBCDF412F	D0B021EC339395BF2A12EDE8A08DE9F7638FF509	8A5AF3C7D255B4726CF1B1A53E13E5314995DDF24ED874C6F220961FFA40E638
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\crashes\store.json.mozlz4 (copy)	Mozilla lz4 compressed data, originally 56 bytes	A6338865EB252D0EF8FCF11FA9AF3F0D	CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3	078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\crashes\store.json.mozlz4.tmp	Mozilla lz4 compressed data, originally 56 bytes	A6338865EB252D0EF8FCF11FA9AF3F0D	CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3	078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\extensions.json (copy)	JSON data	12DB34F3E291B4E311977F037A68296C	C72A8D3F8308EA35352966D1CD78C0F838D9F37D	153881B9A33BCA75184FD1E527AA5FBEDACA27E94F1FA2493A3DC25ED2BD64FA
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\extensions.json.tmp	JSON data	12DB34F3E291B4E311977F037A68296C	C72A8D3F8308EA35352966D1CD78C0F838D9F37D	153881B9A33BCA75184FD1E527AA5FBEDACA27E94F1FA2493A3DC25ED2BD64FA
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	FE3355639648C417E8307C6D051E3E37	F54602D4B4778DA21BC97C7238FC66AA68C8EE34	1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	FE3355639648C417E8307C6D051E3E37	F54602D4B4778DA21BC97C7238FC66AA68C8EE34	1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)	ASCII text	3D33CDC0B3D281E67DD52E14435DD04F	4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB	F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp	ASCII text	3D33CDC0B3D281E67DD52E14435DD04F	4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB	F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\prefs-1.js	ASCII text, with very long lines (1717), with CRLF line terminators	2EC524C41BFED4112FD97046F7102C7C	0F7E04E8F3B7769E7FB47EBE72F11FD8F6242CE8	075B3C655A3728B0C0F5D047188349D342E606CC515B9F815E22C0749C797A9F
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\prefs.js (copy)	ASCII text, with very long lines (1717), with CRLF line terminators	2EC524C41BFED4112FD97046F7102C7C	0F7E04E8F3B7769E7FB47EBE72F11FD8F6242CE8	075B3C655A3728B0C0F5D047188349D342E606CC515B9F815E22C0749C797A9F
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518 (copy)	JSON data	24E19CE1DFF491778C94A3E5074BC4BF	E174F1B2A2A4C94D2FA8872D6E75E27A34C15AFD	346EFD8EB632147D42F1B79624CDE6A3D6176B6FFA9D1403F59BF3780DC4CB1D
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518.tmp	JSON data	24E19CE1DFF491778C94A3E5074BC4BF	E174F1B2A2A4C94D2FA8872D6E75E27A34C15AFD	346EFD8EB632147D42F1B79624CDE6A3D6176B6FFA9D1403F59BF3780DC4CB1D
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\7764dbd0-63c1-4fc2-a8d8-edb23d448abb (copy)	JSON data	3E284F19F480092EF9880964FEF5C824	FD8B688E79C109335CE006C11A1CEA43BB6F54EE	D2C2EB4EA931B7A0ACD6D257DCCF2A56EE77E7102B6817762D2757A1D4018301
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\7764dbd0-63c1-4fc2-a8d8-edb23d448abb.tmp	JSON data	3E284F19F480092EF9880964FEF5C824	FD8B688E79C109335CE006C11A1CEA43BB6F54EE	D2C2EB4EA931B7A0ACD6D257DCCF2A56EE77E7102B6817762D2757A1D4018301
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\970d38ae-b14f-4cc8-871c-bb8eff755a95 (copy)	JSON data	5FAF6E88DE53E71325F467A1EC80CDA8	E06C22987C20E468944FA3CE103F44BE29E5697F	E19BA1BA672856A86AAB2A560E7A99754AD01B61D3BD4BB68786CB5B6A73E89A
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\970d38ae-b14f-4cc8-871c-bb8eff755a95.tmp	JSON data	5FAF6E88DE53E71325F467A1EC80CDA8	E06C22987C20E468944FA3CE103F44BE29E5697F	E19BA1BA672856A86AAB2A560E7A99754AD01B61D3BD4BB68786CB5B6A73E89A
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\e7dcf197-dc75-436a-ac46-e67a20be54ed (copy)	JSON data	D2ECA2F6F397C57D8B4A86F045B31AB3	CAA699500871C258DCE0BF088667FECD790D9B3B	657C91267D135A9D5D62311073ECE2D1D38733DA5EBCF6909159695F5072F5AF
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\e7dcf197-dc75-436a-ac46-e67a20be54ed.tmp	JSON data	D2ECA2F6F397C57D8B4A86F045B31AB3	CAA699500871C258DCE0BF088667FECD790D9B3B	657C91267D135A9D5D62311073ECE2D1D38733DA5EBCF6909159695F5072F5AF
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\sessionCheckpoints.json (copy)	JSON data	E08EF355498AE2C73E75F5A7E60EADA5	C98B5AB80782513F6E72D95AB070E1ED7626C576	D1A98A30522D1BF882574DF5ED2793BBA5C4FDF0381788BABEA0846F6946745C
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\sessionCheckpoints.json.tmp	JSON data	E08EF355498AE2C73E75F5A7E60EADA5	C98B5AB80782513F6E72D95AB070E1ED7626C576	D1A98A30522D1BF882574DF5ED2793BBA5C4FDF0381788BABEA0846F6946745C
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\sessionstore-backups\recovery.baklz4 (copy)	Mozilla lz4 compressed data, originally 6192 bytes	341B90C587F1D281350D50C34D3F7699	8A8213DAC3CDCA0D4F38A5B1D3340B26C9430BA4	AE9479465C2DF7E0734D09FC61435FF3343CBDE1148C92E670846FF61CC6C321
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\sessionstore-backups\recovery.jsonlz4 (copy)	Mozilla lz4 compressed data, originally 6192 bytes	341B90C587F1D281350D50C34D3F7699	8A8213DAC3CDCA0D4F38A5B1D3340B26C9430BA4	AE9479465C2DF7E0734D09FC61435FF3343CBDE1148C92E670846FF61CC6C321
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\sessionstore-backups\recovery.jsonlz4.tmp	Mozilla lz4 compressed data, originally 6192 bytes	341B90C587F1D281350D50C34D3F7699	8A8213DAC3CDCA0D4F38A5B1D3340B26C9430BA4	AE9479465C2DF7E0734D09FC61435FF3343CBDE1148C92E670846FF61CC6C321
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\sessionstore.jsonlz4 (copy)	Mozilla lz4 compressed data, originally 3772 bytes	AF24FEEECD68FCCE6F137B22FC9FCB2A	EBF0A77170DC44878A5090CF18BAABDE0B66C0CB	0300A179EF2E505470FB59DAEFB1425090A7B7A66B6B0B6271AA77B3F50ED2F7
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\sessionstore.jsonlz4.tmp	Mozilla lz4 compressed data, originally 3772 bytes	AF24FEEECD68FCCE6F137B22FC9FCB2A	EBF0A77170DC44878A5090CF18BAABDE0B66C0CB	0300A179EF2E505470FB59DAEFB1425090A7B7A66B6B0B6271AA77B3F50ED2F7
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\targeting.snapshot.json (copy)	JSON data	A1D45F0035C07DC92689689DAE1FDDF6	3C63582275D3081D3448CE23FA48AEBB879CEC6A	6A1332832D6EAD57A5CBFE4319037AC151B80F29C1E9C5171BC2421B884879F8
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\targeting.snapshot.json.tmp	JSON data	A1D45F0035C07DC92689689DAE1FDDF6	3C63582275D3081D3448CE23FA48AEBB879CEC6A	6A1332832D6EAD57A5CBFE4319037AC151B80F29C1E9C5171BC2421B884879F8
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\xulstore.json (copy)	JSON data	4B4A526BE952757E6BF2B965CB6DA478	3EBF0ED8024FAECCA22C21C286652D25F97FDF6B	4FFB085F0511D484E63081A415D03C3EC86CFD8D461117AC6249EAB09F0D9332
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\xulstore.json.tmp	JSON data	4B4A526BE952757E6BF2B965CB6DA478	3EBF0ED8024FAECCA22C21C286652D25F97FDF6B	4FFB085F0511D484E63081A415D03C3EC86CFD8D461117AC6249EAB09F0D9332
Chrome Cache Entry: 261	Java source, ASCII text, with very long lines (3335)	683EDB06679BD7429A62F0440FD67C71	90D01201AAC3105DFF903D0058755DF779C8A778	87B06CF13E6BE46BC1F31D0EDF640172BFAA16C5C48E6C54B242880C7C7712DF
Chrome Cache Entry: 262	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3	321785406F13424D51E2B1899FFBDEAA	C2BB1F70C77570F8C054ADC6474EB27015BB8D53	11710811681B5F4B5F6791CE5462C9E27EB7BFA3C835421C7119BC825B712327
Chrome Cache Entry: 263	ASCII text, with very long lines (65536), with no line terminators	CC75C2DFE4FA5DE68E5E044AF4247B20	6AA4CE826B316E3410A3C92E7119BD7B775D0134	733888AEE84449FE33BFA1481480F1A839F62A036BF1202AC7471F1E5B921ACA
Chrome Cache Entry: 264	Unicode text, UTF-8 text, with very long lines (65248), with no line terminators	8B48A0FEFA4154F0E2869A38280FEBC4	6B7C12A5C65451622027B87A52607F66B2ED6245	2A386A6CACB001774D6EBD3D355671B92E94D6236FD9593A26905143DB88BF75
Chrome Cache Entry: 265	ASCII text	BD7FAB1E13997FD9DBE1ADC309C5549C	E6FB970015F5BF4DF4EE0A86B5422898F1906907	460730385684F43638A991CBD42B4EEA9ACB722392B09DC48BCFADB29B94E00C
Chrome Cache Entry: 266	Java source, ASCII text, with very long lines (25431)	A54E996245AA1D903A16B4285E55344F	672CFFA899B81C56AD985ACA3465DB2A6CE5A597	7F6C2A8E12895406D8E2BF790BD7AD84E534F652BFD6312AF8CE0208310D7E55
Chrome Cache Entry: 267	Java source, ASCII text, with very long lines (2967)	2AA14EF862BFC814B0D304D030E6659F	792DD75C4EF3351983E4A9FEB3EC57C4E38A93C1	48116003E3FD479A5500EB98FEF799074153F83B2380333C9FFF68915F998CCC
Chrome Cache Entry: 268	HTML document, ASCII text	A4090A38E4434A36BAF7361E29EBD25F	667FDFC62AC98C11DD1F0CE469374F20D4AA6694	0441A193CEAC676241E1D0F9824F9F766545B15A08A44454A6EC05FD7E1D0126
Chrome Cache Entry: 269	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3	5CF8D6F513B2C55D9581BECCAC6B3D2D	00F94BA8A02C8C67024752D67E2F30A6B0C574F1	5EC1BF23BAF320B45B060D7C106FED9DF6166F7B31EA95911ADBED93127634CD
Chrome Cache Entry: 270	ASCII text	574A7B46B77FB2E080396D2D4007DE9F	CAD523A9785410A9F644E9CD567DAB319D039197	B812DE7A54E821FECD39917AF3E14F3A3652E45102209CBD7D4164028CD8A4C1
Chrome Cache Entry: 271	ASCII text, with very long lines (8218)	8BEEA671EEC0DF6F97CE85F0B8EAC2FA	500F9993D7D65591893D6E11C0609965C293DFAA	792C1253D215041AB11D638B2CD5DC3E30DB80F0402C6D6FFDE3169723090772
Chrome Cache Entry: 272	ASCII text	6FED308183D5DFC421602548615204AF	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
Chrome Cache Entry: 273	ASCII text, with very long lines (1611)	B277AC9A86C34FAA30EB06B51851E1A1	0BEA068C1499619BD8EC3E89F46BE43995E0AD87	D766F82B50BD70232044929A15C78BD0EE8B3A3ACA1764CD2F9CE62E9A98B1C3
Chrome Cache Entry: 274	ASCII text	90B3AFCF384D77727F82BFBFFA06E24F	7836BC8988148AAD7466F2408432F9D8F1B55BBD	EB2F24A4C19A02721AF6DF02EF2746A4CDF9957E2A6CAF24494CA8677F608EE1
Chrome Cache Entry: 275	ASCII text, with very long lines (5162), with no line terminators	70A8F21806E7F1B739937970EBE49A0C	6BE9EEBCE438DE91FEB20E6A5458774B327AA9B4	C8B531CFD6E9BE13762E289820F67406331303CD5111A885DE959BF83DD0F5AC
Chrome Cache Entry: 276	Unicode text, UTF-8 text, with very long lines (14935)	380E20386E4E93B9F46C036F25D63286	52F78E881F33C31398D659F5A3DA22FD8E17AC4A	5F9C3B6BF0FCA0167BB55EB52D9663CC4932EC601AC2F7FAEFC7A053E2879682
Chrome Cache Entry: 277	ASCII text, with very long lines (65531)	E978AA0089605394B13407484BA51CF1	E0E9DAF9117046F82C764F0EC753A09F31DBC8BC	FF9EA2E7A76EDF779734A68AEDE1D5D2C984726C1F892E31838AAC6298E70DAA
Chrome Cache Entry: 278	ASCII text, with very long lines (1024)	679C41BE9E67D2CF1D420DF21C5CB683	80964B7DF089660F33ED468A43BF596254EA1372	D9A1B4E5055D6812A34564F46F5B6A64B26691097238CA308881C451AA5BF79C
Chrome Cache Entry: 279	Zstandard compressed data (v0.8+), Dictionary ID: None	8A76E73822588450EF7446405A36610C	3F9E39D51305A7D6126DCF0C3CC22EDBCB99BA3F	3D230EE5DF27137EB32D545C4A1AB16715D708C8E8D68CD571AE9EFA5D8DEB23
Chrome Cache Entry: 280	Unicode text, UTF-8 text, with very long lines (65044), with no line terminators	826ED3D744C97F5D7843265371D8B8E4	BC9C65A566FB2912697AD7F65FFC9A15EC5521A7	BF6013A5BC0D80E47558440AFF78DFA387E647135FFDE0EB2EDF6EE0F42623D7
Chrome Cache Entry: 281	Java source, ASCII text, with very long lines (22496)	4050A958796E6717BADA242AFB8F2686	142E381B7849DD8356E8C2AF7F3A0F8C31BC353C	F04526077F6ED11CB1A2D394CC24D8E4787461475D2BCF39EDA914A7939366C5
Chrome Cache Entry: 282	Unicode text, UTF-8 text	795F37E4197BA23932B5BA750761DF07	B5233AAB1ED89A7121C90B4145AF0B9A979FCB9F	3B9C05162414DA0191021E7835431967C557FAE21EC64B6DF95A92E9EC006986
Chrome Cache Entry: 283	ASCII text, with very long lines (1617)	8F0B2CF806F323303D90290C04C66286	9C671B5E1F625BFA6894818C4A7BA6950F300DF4	F0520A5239189BB680C613427E7760E8DD41D1DF2D60EF699F8A74BDFE3AF750
Chrome Cache Entry: 284	ASCII text, with very long lines (2412)	FBB7F9979A2E5044220E5383062DA32D	CE731C4BD47B09D2DE936149FD0B2CE2EFD492C9	521B0C7AD9F663F83F908A588A50D2288B28508136E0276A62BA4A899644681B
Chrome Cache Entry: 285	PNG image data, 64 x 64, 8-bit colormap, non-interlaced	C6F5908391F0D4713B04544EB717DF75	AF0D44131DF232BA8148BE6830FA83EE12399425	8D5B851ABDD411E50B0162DE3B8A50C1C3AF6BF9DFDFCE449F9077FC0CC2057C
Chrome Cache Entry: 286	ASCII text, with very long lines (1086)	743D9B7A58CB34CAB3C5325CD5BF4759	51EC3B847954E7B6568B8B3E0E15DF0FCBE15BE3	73476FAEF8F93E66194CDE3A431436AE91F110CD59B2EA9DD7D97EAAB11C8AC2
Chrome Cache Entry: 287	ASCII text, with very long lines (8539)	137F952858C25EF14F2B18FC73F9BB4A	085642C5E085CE1AC06823AD5636A43228BFB846	523307D06386EC51D7F5160ACE51F4456815B268DAF000FC1914D8ED67027616
Chrome Cache Entry: 288	SVG Scalable Vector Graphics image	554640F465EB3ED903B543DAE0A1BCAC	E0E6E2C8939008217EB76A3B3282CA75F3DC401A	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
Chrome Cache Entry: 289	ASCII text, with very long lines (710)	83EAA061C1686FA5AAA65E36A45BC842	8F892CEB73F326BBE9C8C037461FEAFF20ED93CB	7438AE4FF4ACAB5179C804DEA5A843AD00E2757190C326D5EC4DBEFDF3C164F5
Chrome Cache Entry: 290	ASCII text, with very long lines (3430)	C9CDCEC349DD92DB71B0993CA4EEC919	BCD20D64E45D98DA9F00512425F16D231CEE3C21	2953AA72CBF12B172D59AF7CE059793492211B29C8EDC61578B1ACB768F5F8DD
Chrome Cache Entry: 291	ASCII text, with very long lines (36035), with no line terminators	F84A071B48B5DA6C4F1FDEAB5C1FE8EA	4311EE0C218BBA143307FE504F67069D57FEEDA6	4D40ECC081FDF5EDCF54535EB0AE3DBB5E294DBEA1BD5E958EDF249B6D383315
Chrome Cache Entry: 292	ASCII text	6174206EECE153E3277B80C1B504F9D4	0604035519B0613B384A71848C75F62854EC1792	1E2B65FD4F701E5E1B4A621D88BF2D13B941BB44578AF36185DB87925A3CA13C
Chrome Cache Entry: 293	Java source, ASCII text, with very long lines (1513)	42BC66EF6FFCFC3752E922025F145842	7A623C4F005BA4DFCCB7ADDCD168E02A2F2A9EBA	8A98BF951B341064F3C3B5947DC279DD532A8A4C9A3684CDCFC073EC13384175
Chrome Cache Entry: 294	ASCII text, with very long lines (854)	DFA5F7AD034A398D9C0465A9B441D7A5	9D8EB1FB81B277F6AE403C060ABCFD46BDC42AE8	68FE0411C3CC2B1AB19F74B30E55BF39569E97E7E9377AD3595D2911D758DC97
Chrome Cache Entry: 295	ASCII text	A0A952EC017F1B5BB545FC6C55E3245C	B8E6630F408AE17475A9659AC6DEBF6AC45C81B5	EFD6CDF0B10A1793A172C52CB23F51A84D78B2370EFDF3E8DFD68C66CF9DE77F
Chrome Cache Entry: 296	Unicode text, UTF-8 text, with very long lines (26432)	B9BA4C07AAE6943433A6DE66F00F9B7F	B0C1DD4603C5BBEF198390235863C15FEFD5BF1B	4C0B78E91CB2D1CAB5B91E0364C6FFBA3532810813ACD104F3B4139781106A18
Chrome Cache Entry: 297	HTML document, ASCII text, with CRLF line terminators	370E16C3B7DBA286CFF055F93B9A94D8	65F3537C3C798F7DA146C55AEF536F7B5D0CB943	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090

Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.148.94:443 -> 192.168.2.18:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.18:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.18:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.18:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.18:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.18:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50089 version: TLS 1.2

Source:	Binary string: UxTheme.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 00000009.00000003.2065646598.0000020C447AD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdbGCTL source: firefox.exe, 00000009.00000003.2111422392.0000020C3A7E0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdb source: firefox.exe, 00000009.00000003.2106660882.0000020C3A7D6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2111422392.0000020C3A7E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2094405830.0000020C3A7E3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2088961251.0000020C3A7CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdbHu source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb0 source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 00000009.00000003.2065646598.0000020C447AD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: webauthn.pdbGCTL source: firefox.exe, 00000009.00000003.2092188922.0000020C4FD01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dcomp.pdb source: firefox.exe, 00000009.00000003.2054410541.0000020C4B724000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8audioses.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8netutils.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: cryptsp.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8softokn3.pdb source: firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8rasadhlp.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8taskschd.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2062494796.0000020C47CF1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntmarta.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000009.00000003.2094405830.0000020C3A7E3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2088961251.0000020C3A7CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: userenv.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8fwpuclnt.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: devobj.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dwmapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: firefox.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: webauthn.pdb source: firefox.exe, 00000009.00000003.2092188922.0000020C4FD01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8ExplorerFrame.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.9.dr
Source:	Binary string: winmm.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mscms.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: twinapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.9.dr
Source:	Binary string: combase.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8iertutil.pdb source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000009.00000003.2106660882.0000020C3A7D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdbV source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dxgi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8linkinfo.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8powrprof.pdb source: firefox.exe, 00000009.00000003.2082807131.0000020C45299000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: edputil.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8MMDevAPI.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 287MB

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.68.248
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.132
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.68.248
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.132
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=o&oit=1&cp=1&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=oc&oit=1&cp=2&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octo&oit=1&cp=4&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octop&oit=1&cp=5&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopu&oit=1&cp=6&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopus&oit=1&cp=7&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspr&oit=1&cp=9&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro&oit=1&cp=10&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.&oit=1&cp=11&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.li&oit=3&cp=13&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.life&oit=3&cp=15&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.life%2F&oit=3&cp=16&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=octopuspro.life%2F%23&oit=3&cp=17&pgcl=2&gs_rn=42&psi=-0AwrspiYQv75E0s&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CPyDywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/vant.bf6013a5.css HTTP/1.1Host: octopuspro.lifeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/index.523307d0.css HTTP/1.1Host: octopuspro.lifeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/index.b0a3a26f.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/@vue.d3b2b407.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/@vant.378c9e84.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/vant.9dc2feea.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/has-symbols.456daba2.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/has-proto.4a87f140.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/function-bind.72d06d3b.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/has.851ffceb.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/get-intrinsic.1f7927fd.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/call-bind.218c9af5.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/crypto-js.71120912.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/pinia.d3ba3a69.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/pinia-plugin-persistedstate.35ef556e.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/uuid.5e712abb.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/vue-router.6cf43cf2.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/@intlify.d5940eca.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/vue-i18n.69c8aa1d.js HTTP/1.1Host: octopuspro.lifeConnection: keep-aliveOrigin: https://octopuspro.lifesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /config.js?1743013111137 HTTP/1.1Host: octopuspro.lifeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: octopuspro.lifeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://octopuspro.life/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1
Source: global traffic	HTTP traffic detected: GET /assets/js/@vue.d3b2b407.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /assets/js/@vant.378c9e84.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /assets/js/vant.9dc2feea.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /assets/js/has-symbols.456daba2.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /assets/js/has-proto.4a87f140.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /assets/js/function-bind.72d06d3b.js HTTP/1.1Host: octopuspro.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://octopuspro.life/Sec-Fetch-Dest: scriptSec-Fetch-Mode: corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCPyDywEIk6HLAQiJo8sBCIWgzQEI/qXOAQjGzc4BCJjgzgEIruTOAQji5M4BCIvlzgEI4uXOARjg4s4BGKfmzgE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCPyDywEIk6HLAQiJo8sBCIWgzQEI/qXOAQjGzc4BCJjgzgEIruTOAQji5M4BCIvlzgEI4uXOARjg4s4BGKfmzgE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCPyDywEIk6HLAQiJo8sBCIWgzQEI/qXOAQjGzc4BCJjgzgEIruTOAQji5M4BCIvlzgEI4uXOARjg4s4BGKfmzgE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.24R2mrw_td8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9vR1rNwOjC3PXOxUlyKiCwNBv2Fg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCPyDywEIk6HLAQiJo8sBCIWgzQEY4OLOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1Host: ciscobinary.openh264.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 00000009.00000003.2014745126.0000020C454E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.2015943236.0000020C3C854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2151866707.0000020C45077000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2290670997.0000020C45078000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.1834522781.0000020C4B7E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2151866707.0000020C45077000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2060480679.0000020C47DC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2290670997.0000020C45078000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["www.facebook.com","facebook.com"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["www.youtube.com","youtube.com"] equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: addImpression/groupsWithFrequency<sendPBNewTabMessage/</<.messages<{087ef4e1-4286-4be6-9aa3-8d6c420ee1db}in handleMessageRequest, arguments = browser.promo.cookiebanners.enabledloadMessagesForProvider/messages<impression added, impressions[item.id]: _updateMessageProviders/providers<registerBadgeNotificationListener_updateMessageProviders/providerIDs<{a50d61ca-d27b-437a-8b52-5fd801a0a88b}{4170faaa-ee87-4a0e-b57a-1aec49282887}_removePreviewEndpoint/state.providers<_isBelowItemFrequencyCap/impressionsInPeriod<{9c63d15c-b4d9-43bd-b223-37f0a1f22e2a}loadMessagesFromAllProviders/messages<isBelowFrequencyCaps/_belowGroupFrequencyCaps<entering addScreenImpression for loadMessagesForProvider/<.messages<_resetInitialization/this.waitForInitialized<_updateMessageProviders/</<.messages<_cleanupImpressionsForItems/</impressions[id]< is not in the list of allowed hosts.forcePBWindow/privateBrowserOpener<{bb1b80be-e6b3-40a1-9b6e-9d4073343f0b}blockMessageById called, idOrIds = https://www.mozilla.org/anything/?getTargetingParameters/resolve/promises<forceAttribution/attributionData<{8cda9ce6-7893-4f47-ac70-a65215cec288}{a79fafce-8da6-4685-923f-7ba1015b8748})loadMessagesFromAllProviders/needsUpdate<cfr-doorhanger-extension-ok-button{b384b75c-c978-4c4d-b3cf-62a82d8f8f12}{dac8a935-4775-4918-9205-5c0600087dc4}]\|mapToProperty('host'))\|length > 0{8a802b5a-eeab-11e2-a41d-b0096288709b}{dc8f61ab-5e98-4027-98ef-bb2ff6060d71}jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack{3923146e-98cb-472b-9c13-f6849d34d6b8}cfr-doorhanger-extension-cancel-buttonEnhancer for YouTube"!chrome://global/skin/icons/security.svgcfr-doorhanger-doh-primary-button-2cfr-doorhanger-feature-notificationtracking-protection-icon-containercfr-doorhanger-milestone-heading2{09e26ae9-e9c1-477c-80a6-99934212f2fe}cfr-doorhanger-milestone-close-buttonchrome://global/skin/icons/search-glass.svg{e20e0de5-1667-4df4-bd69-705720e37391}cfr-doorhanger-milestone-ok-buttoncfr-doorhanger-doh-secondary-button{ebf47fc8-01d8-4dba-aa04-2118402f4b20}jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpackenhancerforyoutube@maximerf.addons.mozilla.org{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}{5737a280-b359-4e26-95b0-adec5915a854}WIKIPEDIA_CONTEXT_MENU_SEARCH_PARAMScfr-doorhanger-extension-sumo-linkcfr-doorhanger-extension-manage-settings-button intersect topFrecentSites[.frecency >= {1cf918d2-f4ea-4b4f-b34e-455283fef19f}cfr-doorhanger-extension-notification2default-browser-notification-messagedefault-browser-notification-button["www.youtube.com","youtube.com"]resource://gre/modules/XPCOMUtils.sys.mjsresource://gre/modules/AppConstants.sys.mjs["www.wikipedia.org","wikipedia.org"]resource://nimbus/ExperimentAPI.sys.mjsresource:///modules/ShellService.sys.mjs["www.facebook.com","facebook.com"]services.sync.clients.devices.mobileresource://gre/modules/BrowserUtils.sys.mjsbrowser.startup.upgradeDialog.pinPBM.disabledetp-promotions?as=u&utm_source=inproductchrome://browser/content/cfr-lightning.svgchrome://browser/content/cfr-lightning-dark.svgmr2022-onboard
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: addImpression/groupsWithFrequency<sendPBNewTabMessage/</<.messages<{087ef4e1-4286-4be6-9aa3-8d6c420ee1db}in handleMessageRequest, arguments = browser.promo.cookiebanners.enabledloadMessagesForProvider/messages<impression added, impressions[item.id]: _updateMessageProviders/providers<registerBadgeNotificationListener_updateMessageProviders/providerIDs<{a50d61ca-d27b-437a-8b52-5fd801a0a88b}{4170faaa-ee87-4a0e-b57a-1aec49282887}_removePreviewEndpoint/state.providers<_isBelowItemFrequencyCap/impressionsInPeriod<{9c63d15c-b4d9-43bd-b223-37f0a1f22e2a}loadMessagesFromAllProviders/messages<isBelowFrequencyCaps/_belowGroupFrequencyCaps<entering addScreenImpression for loadMessagesForProvider/<.messages<_resetInitialization/this.waitForInitialized<_updateMessageProviders/</<.messages<_cleanupImpressionsForItems/</impressions[id]< is not in the list of allowed hosts.forcePBWindow/privateBrowserOpener<{bb1b80be-e6b3-40a1-9b6e-9d4073343f0b}blockMessageById called, idOrIds = https://www.mozilla.org/anything/?getTargetingParameters/resolve/promises<forceAttribution/attributionData<{8cda9ce6-7893-4f47-ac70-a65215cec288}{a79fafce-8da6-4685-923f-7ba1015b8748})loadMessagesFromAllProviders/needsUpdate<cfr-doorhanger-extension-ok-button{b384b75c-c978-4c4d-b3cf-62a82d8f8f12}{dac8a935-4775-4918-9205-5c0600087dc4}]\|mapToProperty('host'))\|length > 0{8a802b5a-eeab-11e2-a41d-b0096288709b}{dc8f61ab-5e98-4027-98ef-bb2ff6060d71}jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack{3923146e-98cb-472b-9c13-f6849d34d6b8}cfr-doorhanger-extension-cancel-buttonEnhancer for YouTube"!chrome://global/skin/icons/security.svgcfr-doorhanger-doh-primary-button-2cfr-doorhanger-feature-notificationtracking-protection-icon-containercfr-doorhanger-milestone-heading2{09e26ae9-e9c1-477c-80a6-99934212f2fe}cfr-doorhanger-milestone-close-buttonchrome://global/skin/icons/search-glass.svg{e20e0de5-1667-4df4-bd69-705720e37391}cfr-doorhanger-milestone-ok-buttoncfr-doorhanger-doh-secondary-button{ebf47fc8-01d8-4dba-aa04-2118402f4b20}jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpackenhancerforyoutube@maximerf.addons.mozilla.org{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}{5737a280-b359-4e26-95b0-adec5915a854}WIKIPEDIA_CONTEXT_MENU_SEARCH_PARAMScfr-doorhanger-extension-sumo-linkcfr-doorhanger-extension-manage-settings-button intersect topFrecentSites[.frecency >= {1cf918d2-f4ea-4b4f-b34e-455283fef19f}cfr-doorhanger-extension-notification2default-browser-notification-messagedefault-browser-notification-button["www.youtube.com","youtube.com"]resource://gre/modules/XPCOMUtils.sys.mjsresource://gre/modules/AppConstants.sys.mjs["www.wikipedia.org","wikipedia.org"]resource://nimbus/ExperimentAPI.sys.mjsresource:///modules/ShellService.sys.mjs["www.facebook.com","facebook.com"]services.sync.clients.devices.mobileresource://gre/modules/BrowserUtils.sys.mjsbrowser.startup.upgradeDialog.pinPBM.disabledetp-promotions?as=u&utm_source=inproductchrome://browser/content/cfr-lightning.svgchrome://browser/content/cfr-lightning-dark.svgmr2022-onboard
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/Z equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.1834522781.0000020C4B7E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A420A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A420A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A420A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2015943236.0000020C3C854000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2172577799.0000020C3DDDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://2cc91266-7e73-453a-a128-14ace4899d8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2151866707.0000020C45077000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2072372795.0000020C3A780000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.2072257784.0000020C3A7CC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2076031962.0000020C3A7CD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2088961251.0000020C3A7CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.comLMEM( equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000003.2085814193.0000020C3A782000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2072372795.0000020C3A780000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000003.2064484234.0000020C45069000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: octopuspro.life
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: shavar.prod.mozaws.net
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy.tombstone.experimenter.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: o.pki.goog
Source: global traffic	DNS traffic detected: DNS query: pki-goog.l.google.com
Source: global traffic	DNS traffic detected: DNS query: a19.dscg10.akamai.net
Source: global traffic	DNS traffic detected: DNS query: api.toivaex.site
Source: global traffic	DNS traffic detected: DNS query: ogads-pa.clients6.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

Source: global traffic

Source: firefox.exe, 00000009.00000003.2164697736.0000020C3E863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2219667036.0000020C4AA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2354594869.0000020C3E863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: cert9.db.9.dr	String found in binary or memory: http://c.pki.goog/r/r4.crl0
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.d
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssureM
Source: firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000009.00000003.2076031962.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2040057147.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2069317454.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000009.00000003.2101689356.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microso
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000009.00000003.2076031962.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2040057147.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2069317454.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-=
Source: firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000009.00000003.2353165330.0000020C433C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2056906923.0000020C4A832000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2221638943.0000020C47D49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2041919474.0000020C4C0C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2060480679.0000020C47D43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2058505926.0000020C4A81E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000009.00000003.2158273224.0000020C47CBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2171952493.0000020C3DDE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2180794849.0000020C3D1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000009.00000003.2076156379.0000020C4B94A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000009.00000003.2262808907.0000020C3E838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: cert9.db.9.dr	String found in binary or memory: http://i.pki.goog/r4.crt0
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2339156922.00000BB562B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/0#
Source: firefox.exe, 00000009.00000003.2339156922.00000BB562B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/6
Source: firefox.exe, 00000009.00000003.2225540386.0000020C3DDC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1880631189.0000020C3B45A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1921335695.0000020C3C80B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2037931648.0000020C4B672000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1792492544.0000020C3B91B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2164697736.0000020C3E863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1784522447.0000020C3B8D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1872258851.0000020C3C889000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2046232785.0000020C4B7E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1757677409.0000020C3B5D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2159923578.0000020C47C36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1853019353.0000020C44F64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1880243347.0000020C3B46B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2178653493.0000020C3D20A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2222518122.0000020C47C37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1785884705.0000020C44FF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1880243347.0000020C3B476000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2262564950.0000020C3E881000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1998122681.0000020C3802A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1837883964.0000020C3B4C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2339156922.00000BB562B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/Z
Source: firefox.exe, 00000009.00000003.2339156922.00000BB562B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/b
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000009.00000003.2076031962.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2040057147.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2069317454.0000020C3A7B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: chromecache_284.1.dr	String found in binary or memory: http://www.broofa.com
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/5
Source: firefox.exe, 00000009.00000003.2035834146.0000020C3A7C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 00000009.00000003.2092668620.0000020C31ABA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: firefox.exe, 00000009.00000003.2092668620.0000020C31AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: gmpopenh264.dll.tmp.9.dr	String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000009.00000003.2047815011.0000020C4B7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2181809025.0000020C3D176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1782938016.0000020C3CB87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2283549791.0000020C4B7BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1783796584.0000020C3CADC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: mozilla-temp-41.9.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000009.00000003.1784522447.0000020C3B8BB000.00000004.00000800.00020000.00000000.sdmp, cert9.db-journal.9.dr, cert9.db.9.dr	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000009.00000003.2350610253.0000020C4A8DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000009.00000003.2052844897.0000020C4B98E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000009.00000003.2136742971.0000020C4C14D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: chromecache_283.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_283.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: firefox.exe, 00000009.00000003.2168647356.0000020C3E836000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/mr2022-onboarding-set-default-primary-
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/fluent:about-private-browsing-focus-prom
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/This
Source: firefox.exe, 00000009.00000003.2223698927.0000020C44D51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.comZ
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: chromecache_282.1.dr	String found in binary or memory: https://api.toivaex.site
Source: chromecache_284.1.dr, chromecache_283.1.dr	String found in binary or memory: https://apis.google.com
Source: firefox.exe, 00000009.00000003.1816084626.0000020C4A877000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000009.00000003.1816084626.0000020C4A877000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: chromecache_282.1.dr	String found in binary or memory: https://app.vskefu.com
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000009.00000003.2142744470.0000020C4B30F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2147624831.0000020C478CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2258540104.0000020C478CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000009.00000003.2142744470.0000020C4B30F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000009.00000003.2293497157.0000020C447C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2340448301.0000020C447C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2352163185.0000020C447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2352959644.0000020C433EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000009.00000003.2293497157.0000020C447C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2340448301.0000020C447C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2352163185.0000020C447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2352959644.0000020C433EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: firefox.exe, 00000009.00000003.2251822632.0000020C4BA8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2256639340.0000020C4AAB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2055994759.0000020C4AAB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696586146862.12791&key=1696586146400600
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696586146862.12791&key=1696586146400600000.1&cta
Source: firefox.exe, 00000009.00000003.2053567266.0000020C4B747000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2050289239.0000020C4BB63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000009.00000003.2014810292.0000020C3C852000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2014129847.0000020C3D39D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 00000009.00000003.2014810292.0000020C3C852000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 00000009.00000003.2012598298.0000020C3B33D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000009.00000003.2014129847.0000020C3D39D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 00000009.00000003.2014810292.0000020C3C852000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 00000009.00000003.1782643944.0000020C4506D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075resource:///modules/sessionstore/SessionStore.sy
Source: firefox.exe, 00000009.00000003.1782643944.0000020C4506D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464resource://activity-stream/common/ActorConstants
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000009.00000003.1782643944.0000020C4506D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739experimental-features-cookie-samesite-none-requi
Source: firefox.exe, 00000009.00000003.2014810292.0000020C3C852000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2014317196.0000020C4B656000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000009.00000003.2011153994.0000020C4B6E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678942
Source: firefox.exe, 00000009.00000003.1921335695.0000020C3C80B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 00000009.00000003.2015081454.0000020C3B33D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 00000009.00000003.2012648033.0000020C44F45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 00000009.00000003.2011272483.0000020C4B6DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=806991
Source: firefox.exe, 00000009.00000003.2014269128.0000020C4B6E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: chromecache_283.1.dr	String found in binary or memory: https://clients6.google.com
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000009.00000003.2352959644.0000020C433EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: chromecache_283.1.dr	String found in binary or memory: https://content.googleapis.com
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000009.00000003.2260147449.0000020C4503A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000009.00000003.1816084626.0000020C4A877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2354594869.0000020C3E874000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1781214756.0000020C450C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000009.00000003.2014745126.0000020C454E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2052844897.0000020C4B99B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: firefox.exe, 00000009.00000003.2147624831.0000020C478EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 00000009.00000003.1880631189.0000020C3B453000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000009.00000003.1786170696.0000020C44FD3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: chromecache_283.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1784522447.0000020C3B8D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2223698927.0000020C44D99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2114142059.0000020C382F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1876921815.0000020C382EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1872595693.0000020C3C84E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1920211618.0000020C382EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1996263236.0000020C382F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000009.00000003.1820281604.0000020C4AFE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1811569977.0000020C4AFF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000009.00000003.1814851460.0000020C4B885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1811569977.0000020C4AFF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47C9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2158521765.0000020C47CA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000009.00000003.2256835561.0000020C482AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: chromecache_284.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_284.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_284.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_284.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000009.00000003.1785884705.0000020C44FF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000009.00000003.1785884705.0000020C44FF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000009.00000003.1834268016.0000020C4B95A000.00000004.00000800.00020000.00000000.sdmp, chromecache_286.1.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 00000009.00000003.1782643944.0000020C4506D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.mdCSSResult
Source: firefox.exe, 00000009.00000003.1782643944.0000020C4506D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650devtools-serviceworker-debugger-supportbrowser-shutdo
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000009.00000003.2012816981.0000020C44F33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000009.00000003.2161800187.0000020C444CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 00000009.00000003.1911168985.0000020C4C03D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000009.00000003.2161800187.0000020C444CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 00000009.00000003.2161800187.0000020C444CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 00000009.00000003.2161800187.0000020C444CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 00000009.00000003.2161800187.0000020C444CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: prefs-1.js.9.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CLmfC2m4pbW4QbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000009.00000003.2172849643.0000020C3D4D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2151866707.0000020C450A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2064484234.0000020C450A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: pingsender.exe, 00000011.00000003.2491831290.000001F2756C9000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000011.00000003.2485270722.000001F2756BE000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000011.00000002.2507338545.000001F2756C8000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000011.00000002.2500012178.000001F27567D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/
Source: pingsender.exe, 00000011.00000002.2500012178.000001F27567D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/O
Source: pingsender.exe, 00000011.00000002.2500012178.000001F27567D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/emetry.mozilla.org/a/o
Source: firefox.exe, 00000009.00000003.2225540386.0000020C3DDA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2510173009.00000208A4D08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000009.00000003.2060480679.0000020C47D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/activity-stream/sessions/1/a6defceb-d773-4814-8b46-897
Source: firefox.exe, 00000009.00000003.2177295249.0000020C3D2F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/ef2a241e-db57-4556-96cf-d5c0d
Source: firefox.exe, 00000009.00000003.2354594869.0000020C3E874000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/27acd6f2-d312-40b4-9798-bbc8
Source: firefox.exe, 00000009.00000003.2294637225.0000020C4475A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/a109723b-26d6-405d-ab65-9e32a
Source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2060480679.0000020C47D90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2158521765.0000020C47C8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/132d4f2f-cfd2-473c
Source: firefox.exe, 00000009.00000003.2257793597.0000020C47D91000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2060480679.0000020C47D90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2158521765.0000020C47C8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/e3951473-f042-4512
Source: pingsender.exe, 00000011.00000002.2500012178.000001F275620000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518/event/F
Source: pingsender.exe, 00000011.00000002.2500012178.000001F275620000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/970d38ae-b14f-4cc8-871c-bb8eff755a95/main/Fi
Source: pingsender.exe, 00000011.00000002.2500012178.000001F275620000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/e7dcf197-dc75-436a-ac46-e67a20be54ed/health/
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submitiu
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C57C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2159923578.0000020C47C45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 00000009.00000003.2058630730.0000020C4829D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000009.00000003.1786170696.0000020C44FD3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000009.00000003.2350187821.0000020C4BB11000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2064484234.0000020C45057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000009.00000003.2014745126.0000020C454E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2052844897.0000020C4B99B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2062494796.0000020C47CDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2080994727.0000020C47CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A4281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C8F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000009.00000003.1872258851.0000020C3C89B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mochitest.youtube.com/
Source: firefox.exe, 00000009.00000003.2223698927.0000020C44D7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000009.00000003.2140846085.0000020C4B708000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://octopuspro.life
Source: firefox.exe, 00000009.00000003.2052844897.0000020C4B9AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://octopuspro.life/
Source: firefox.exe, 00000009.00000003.2262808907.0000020C3E838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2354594869.0000020C3E84D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://octopuspro.life/#/login
Source: firefox.exe, 00000009.00000003.2159923578.0000020C47C25000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://octopuspro.life/#/loginfterupdate_triggermoz_openpages_tempCREATE
Source: recovery.jsonlz4.tmp.9.dr, sessionstore.jsonlz4.tmp.9.dr	String found in binary or memory: https://octopuspro.life/#/loginr
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: chromecache_284.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000009.00000003.1872258851.0000020C3C89B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/page/
Source: firefox.exe, 00000009.00000003.1872258851.0000020C3C89B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/player/
Source: chromecache_283.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_283.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000009.00000003.2223698927.0000020C44D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 00000009.00000003.2223698927.0000020C44D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://push.services.mozilla.com/
Source: chromecache_282.1.dr	String found in binary or memory: https://qb.toivaex2.online
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000009.00000003.2219667036.0000020C4AA5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000009.00000003.2054768144.0000020C4B31B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000009.00000003.2219667036.0000020C4AA5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000009.00000003.2219667036.0000020C4AA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2220972742.0000020C47D6F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000009.00000003.1880631189.0000020C3B453000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2162364912.0000020C433EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000009.00000003.2251822632.0000020C4BA8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000009.00000003.2048421679.0000020C4B3E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000009.00000003.1785085452.0000020C3B7F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000009.00000003.1785085452.0000020C3B7F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2497134956.00000208A4212000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/Error:
Source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2169300879.0000020C3E795000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2355658144.0000020C3E7F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2510173009.00000208A4D08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000000F.00000002.2479053637.0000027B13CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user;
Source: firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000009.00000003.2367234258.0000020C4B2DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2157452326.0000020C47D31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000009.00000003.2146201767.0000020C48230000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000009.00000003.2255882167.0000020C4B7DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000009.00000003.2255882167.0000020C4B7DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/extension-permissions
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45266000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 00000009.00000003.1910679867.0000020C4C0AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2055994759.0000020C4AAB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2352959644.0000020C433EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000009.00000003.2173523099.0000020C3D4C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.BoEX37k-iQhx
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000009.00000003.2223698927.0000020C44D7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000009.00000003.2053435029.0000020C4B985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000009.00000003.2347188127.0000020C444EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000009.00000003.1781214756.0000020C450C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: chromecache_283.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_1489ebcc3648faa1d485bf99fe44320523fb3b015627dc7b
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/Z
Source: firefox.exe, 00000009.00000003.1785085452.0000020C3B7F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1872595693.0000020C3C84E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2140846085.0000020C4B708000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000009.00000003.2024802868.0000020C3A7BE000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.9.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1786375824.0000020C44FA6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/searchf59fddbc-580b-4672-9cda-32941ceec730OffscreenCanvasRenderingCo
Source: firefox.exe, 00000009.00000003.1785085452.0000020C3B7F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1753032864.0000020C38305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1872595693.0000020C3C84E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2140846085.0000020C4B708000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1752720553.0000020C38100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000009.00000003.2139391096.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: chromecache_283.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_283.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: chromecache_284.1.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_284.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_284.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: firefox.exe, 00000009.00000003.1872258851.0000020C3C89B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hulu.com/watch/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000009.00000003.1872258851.0000020C3C89B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000009.00000003.2140846085.0000020C4B708000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 00000009.00000003.2367234258.0000020C4B2DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1815679447.0000020C4A8F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2157452326.0000020C47D31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2283549791.0000020C4B7D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000009.00000003.2037931648.0000020C4B672000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1816084626.0000020C4A8CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bKxBjSHff0w5
Source: firefox.exe, 00000009.00000003.1814851460.0000020C4B885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1811569977.0000020C4AFF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.1816084626.0000020C4A877000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 00000009.00000003.1805078171.0000020C3C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?getTargetingParameters/resolve/promises
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.0qLVhD3otCFX
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45266000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 00000009.00000003.2342910324.00003116E7503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2354594869.0000020C3E84D000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.9.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: firefox.exe, 00000009.00000003.2082807131.0000020C45266000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000009.00000003.1816084626.0000020C4A877000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 0000000F.00000002.2478071298.0000027B13AC0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000009.00000003.2063954774.0000020C450CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2347188127.0000020C444EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/Z
Source: firefox.exe, 00000009.00000003.2053435029.0000020C4B985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sling.com/
Source: firefox.exe, 0000000B.00000002.2497134956.00000208A42E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2483075825.0000027B13F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.9.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 00000009.00000003.2011003691.0000020C3800E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2151866707.0000020C4507A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2290670997.0000020C45078000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000009.00000003.1834522781.0000020C4B7E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2055328902.0000020C4AABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2497134956.00000208A420A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2479053637.0000027B13C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000009.00000003.2335419365.00001A12A1603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/Z
Source: firefox.exe, 00000009.00000003.2347188127.0000020C444EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.18:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.148.94:443 -> 192.168.2.18:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.18:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.18:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.18:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.18:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.18:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.18:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.18:50089 version: TLS 1.2

Source: classification engine

Classification label: sus21.spyw.win@71/121@108/21

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5404:120:WilError_03

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Temp\firefox

Jump to behavior

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Program Files\Mozilla Firefox\pingsender.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: firefox.exe, 00000009.00000003.2136742971.0000020C4C14D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000009.00000003.2251640735.0000020C4BB06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: firefox.exe, 00000009.00000003.2160796202.0000020C45537000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE moz_places SET foreign_count = foreign_count + 1 WHERE id = NEW.place_id;

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,16098732947600895815,880820879046812207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2240 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5e94b11-9dd0-4c60-bb90-7df78882f2ae} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c2ad6b310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3756 -parentBuildID 20230927232528 -prefsHandle 880 -prefMapHandle 3340 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aa24571-b623-4e3f-95a2-0521d45f35d7} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c2ad42610 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5852 -prefMapHandle 5836 -prefsLen 33172 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b9a0c8d-7ce1-4611-88d1-9ec4307d250f} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c4ba9e510 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\pingsender.exe "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518/event/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518 https://incoming.telemetry.mozilla.org/submit/telemetry/e7dcf197-dc75-436a-ac46-e67a20be54ed/health/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\e7dcf197-dc75-436a-ac46-e67a20be54ed https://incoming.telemetry.mozilla.org/submit/telemetry/970d38ae-b14f-4cc8-871c-bb8eff755a95/main/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\970d38ae-b14f-4cc8-871c-bb8eff755a95
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2100,i,16554877912255492363,11986247822077278540,262144 --variations-seed-version=20250326-050103.627000 --mojo-platform-channel-handle=2148 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,16098732947600895815,880820879046812207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5852 -prefMapHandle 5836 -prefsLen 33172 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b9a0c8d-7ce1-4611-88d1-9ec4307d250f} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c4ba9e510 utility	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2240 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5e94b11-9dd0-4c60-bb90-7df78882f2ae} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c2ad6b310 socket	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3756 -parentBuildID 20230927232528 -prefsHandle 880 -prefMapHandle 3340 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aa24571-b623-4e3f-95a2-0521d45f35d7} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c2ad42610 rdd	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5852 -prefMapHandle 5836 -prefsLen 33172 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b9a0c8d-7ce1-4611-88d1-9ec4307d250f} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 20c4ba9e510 utility	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\pingsender.exe "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518/event/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518 https://incoming.telemetry.mozilla.org/submit/telemetry/e7dcf197-dc75-436a-ac46-e67a20be54ed/health/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\e7dcf197-dc75-436a-ac46-e67a20be54ed https://incoming.telemetry.mozilla.org/submit/telemetry/970d38ae-b14f-4cc8-871c-bb8eff755a95/main/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\970d38ae-b14f-4cc8-871c-bb8eff755a95	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2100,i,16554877912255492363,11986247822077278540,262144 --variations-seed-version=20250326-050103.627000 --mojo-platform-channel-handle=2148 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Program Files\Mozilla Firefox\pingsender.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: UxTheme.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 00000009.00000003.2065646598.0000020C447AD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdbGCTL source: firefox.exe, 00000009.00000003.2111422392.0000020C3A7E0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdb source: firefox.exe, 00000009.00000003.2106660882.0000020C3A7D6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2111422392.0000020C3A7E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2094405830.0000020C3A7E3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2088961251.0000020C3A7CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdbHu source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb0 source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 00000009.00000003.2065646598.0000020C447AD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: webauthn.pdbGCTL source: firefox.exe, 00000009.00000003.2092188922.0000020C4FD01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dcomp.pdb source: firefox.exe, 00000009.00000003.2054410541.0000020C4B724000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8audioses.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8netutils.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: cryptsp.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8softokn3.pdb source: firefox.exe, 00000009.00000003.2081428072.0000020C455F0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8rasadhlp.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8taskschd.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2062494796.0000020C47CF1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntmarta.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000009.00000003.2094405830.0000020C3A7E3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2088961251.0000020C3A7CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: userenv.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8fwpuclnt.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: devobj.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dwmapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: firefox.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CA8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: webauthn.pdb source: firefox.exe, 00000009.00000003.2092188922.0000020C4FD01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8ExplorerFrame.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.9.dr
Source:	Binary string: winmm.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47C83000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mscms.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: twinapi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.9.dr
Source:	Binary string: combase.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BB85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BB97000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8iertutil.pdb source: firefox.exe, 00000009.00000003.2084474883.0000020C44DDA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000009.00000003.2106660882.0000020C3A7D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdbV source: firefox.exe, 00000009.00000003.2072685132.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2043684722.0000020C4BDA9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dxgi.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8linkinfo.pdb source: firefox.exe, 00000009.00000003.2062494796.0000020C47CBC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8powrprof.pdb source: firefox.exe, 00000009.00000003.2082807131.0000020C45299000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb source: firefox.exe, 00000009.00000003.2045659160.0000020C4B9D0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: edputil.pdb source: firefox.exe, 00000009.00000003.2050289239.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000003.2073839773.0000020C4BBA1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 8MMDevAPI.pdb source: firefox.exe, 00000009.00000003.2064484234.0000020C45071000.00000004.00000800.00020000.00000000.sdmp

PE file contains sections with non-standard names

Source: gmpopenh264.dll.tmp.9.dr

Static PE information: section name: .rodata

Drops PE files

Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp			Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)			Jump to dropped file

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: pingsender.exe, 00000011.00000002.2500012178.000001F27562A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: firefox.exe, 0000000A.00000002.2500524967.0000013FEBD00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%
Source: firefox.exe, 0000000A.00000002.2490927450.0000013FEB66A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2500524967.0000013FEBD00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2506733593.00000208A4780000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2476242221.0000027B138CA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2482736644.0000027B13DA0000.00000004.00000020.00020000.00000000.sdmp, pingsender.exe, 00000011.00000002.2500012178.000001F27567D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000B.00000002.2506733593.00000208A4780000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
Source: firefox.exe, 0000000A.00000002.2500524967.0000013FEBD00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
Source: firefox.exe, 0000000B.00000002.2506733593.00000208A4780000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
Source: firefox.exe, 0000000A.00000002.2500524967.0000013FEBD00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW?
Source: firefox.exe, 0000000B.00000002.2492022598.00000208A3EFA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@
Source: firefox.exe, 0000000A.00000002.2500524967.0000013FEBD00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2506733593.00000208A4780000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Program Files\Mozilla Firefox\pingsender.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\970d38ae-b14f-4cc8-871c-bb8eff755a95	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\32f7bc88-ca2c-4b0b-8325-b6d3b7c1e518	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wuifzt30.default-release\saved-telemetry-pings\e7dcf197-dc75-436a-ac46-e67a20be54ed	Jump to behavior

ID:	1649425
Product:	CloudBasic
Start time:	19:17:19
Start date:	26.03.2025
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://www.octopuspro.life/#/login

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://www.octopuspro.life/#/login

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://www.octopuspro.life/#/login