Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562044
MD5: f8f6b3f05a3b3bfe1f5600ae9b33f059
SHA1: 8fd0d4770ccceada563470d85d022825b4adde33
SHA256: 8faa25a839f7163b52b8b26c672ce31f22c9a69eb29917a7d56ece2f39d4b68b
Tags: exeuser-Bitsight
Infos:

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: file.exe Virustotal: Detection: 37% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.4% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49790 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49788 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.7:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49798 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49801 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49868 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49871 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49870 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49869 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49867 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49866 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49874 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49875 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.16.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 00000010.00000003.1401733187.000001FD02D9F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000010.00000003.1399175024.000001FD02DAE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000010.00000003.1401143858.000001FD02DA8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000010.00000003.1401733187.000001FD02D9F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000010.00000003.1399175024.000001FD02DAE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 00000010.00000003.1399808659.000001FD02DA0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.16.dr
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000010.00000003.1401143858.000001FD02DA8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000010.00000003.1399808659.000001FD02DA0000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00A6DBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3C2A2 FindFirstFileExW, 0_2_00A3C2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A768EE FindFirstFileW,FindClose, 0_2_00A768EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_00A7698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00A6D076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00A6D3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A79642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00A79642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00A7979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A79B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00A79B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A75C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00A75C97
Source: firefox.exe Memory has grown: Private usage: 1MB later: 227MB
Connects to many different domains
Source: unknown Network traffic detected: DNS query count 31
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View IP Address: 34.117.188.166 34.117.188.166
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7CE44 InternetReadFile,SetEvent,GetLastError,SetEvent, 0_2_00A7CE44
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1354099015.000001FD06A9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1355659626.000001FD0EFFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1463006647.00001E7CC1C03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1463006647.00001E7CC1C03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.facebook.com/*Z equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1483940416.000001FD0F347000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1466473221.000001FD7FD7B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000003.1378898265.000001FD0F29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1473441754.000001FD0F28F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378636100.000001FD0F591000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1472142075.000001FD0F591000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378636100.000001FD0F591000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1376905169.000001FD10887000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1477087168.000001FD0DFC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378898265.000001FD0F29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1379185189.000001FD0DFAD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1479342729.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380270778.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1479342729.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380270778.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378636100.000001FD0F591000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1472142075.000001FD0F591000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378636100.000001FD0F591000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1376905169.000001FD10887000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED6010A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.000002256910C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED6010A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.000002256910C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED6010A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.000002256910C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1483940416.000001FD0F347000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: moz-extension://2a8a4ba3-32a0-495a-bbc2-63871e7b7005/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1378898265.000001FD0F2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1477087168.000001FD0DFC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378898265.000001FD0F29F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000003.1381430852.000001FD07EE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1378898265.000001FD0F2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493141016.000001FD0F2E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000003.1378636100.000001FD0F591000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1472142075.000001FD0F591000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic DNS traffic detected: DNS query: youtube.com
Source: global traffic DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: example.org
Source: global traffic DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: www.facebook.com
Source: global traffic DNS traffic detected: DNS query: www.youtube.com
Source: global traffic DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic DNS traffic detected: DNS query: www.reddit.com
Source: global traffic DNS traffic detected: DNS query: twitter.com
Source: global traffic DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: firefox.exe, 00000010.00000003.1321176863.000001FD0F599000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1479342729.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1321176863.000001FD0F58D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380270778.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1494633856.000001FD0D953000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000010.00000003.1475462037.000001FD0E0C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1328148477.000001FD0E0CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 00000010.00000003.1475462037.000001FD0E0C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1328148477.000001FD0E0CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 00000010.00000003.1475462037.000001FD0E0C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1328148477.000001FD0E0CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 00000010.00000003.1475462037.000001FD0E0C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1328148477.000001FD0E0CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000010.00000003.1482175444.000001FD077F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000010.00000003.1491353975.000001FD08B22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000010.00000003.1470354481.000001FD10492000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1487476877.000001FD10840000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000010.00000003.1470354481.000001FD10492000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000010.00000003.1481046835.000001FD07ABD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1386312487.000001FD07ABD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.comP
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000010.00000003.1467852220.000001FD7E68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000010.00000003.1502584260.000001FD7E65B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1467852220.000001FD7E65B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 00000010.00000003.1467852220.000001FD7E68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000010.00000003.1502584260.000001FD7E65B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1467852220.000001FD7E65B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 00000010.00000003.1467852220.000001FD7E68A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000010.00000003.1400377729.000001FD0FB99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000010.00000003.1463006647.00001E7CC1C03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 00000010.00000003.1381902288.000001FD07EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1457713405.000001FD05BB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1501897169.000001FD0DC63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1395900585.000001FD05AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1464765131.000001FD0663B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1483666332.000001FD068B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1436423503.000001FD057EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1449150596.000001FD04FFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323781037.000001FD05F54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497835217.000001FD04FFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1330835872.000001FD066EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1447775368.000001FD08E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1296618009.000001FD057F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1459962149.000001FD0533E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1291913113.000001FD05AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1333525702.000001FD066FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1456117406.000001FD06932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323339074.000001FD077D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1433960628.000001FD08EE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1349393272.000001FD06CEE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000010.00000003.1463006647.00001E7CC1C03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/Z
Source: firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000010.00000003.1376395400.000001FD116CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.i.lencr.org/0
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.i.lencr.org/0.
Source: firefox.exe, 00000010.00000003.1376395400.000001FD116CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.o.lencr.org0
Source: gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 00000010.00000003.1399923856.000001FD02D73000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1399317044.000001FD02D72000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.microsoft.
Source: gmpopenh264.dll.tmp.16.dr String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000010.00000003.1475462037.000001FD0E0C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1328148477.000001FD0E0CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1388843748.000001FD07888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul5g
Source: firefox.exe, 00000017.00000003.1319546909.000001ED60E3D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2506690257.000001ED60E3D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.1321108692.000001ED60E3D000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.16.dr String found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000010.00000003.1376395400.000001FD116CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1379613332.000001FD0DC68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000010.00000003.1376395400.000001FD116CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1379613332.000001FD0DC68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000010.00000003.1328148477.000001FD0E091000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://youtube.com/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000010.00000003.1321876728.000001FD0F474000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1472446090.000001FD0F474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 00000010.00000003.1285794356.000001FD05340000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1286072133.000001FD0537F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285484262.000001FD05100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285645469.000001FD05321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285928088.000001FD05360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000010.00000003.1491353975.000001FD08B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1322770443.000001FD08B33000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000010.00000003.1376512189.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497983690.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000010.00000003.1380873212.000001FD08DF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000010.00000003.1379344256.000001FD0DCE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493961612.000001FD0DCE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1501808094.000001FD0DCE4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000010.00000003.1379344256.000001FD0DC91000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1454964788.000001FD06C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1429318861.000001FD06C2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1399879527.000001FD06C2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1389291573.000001FD070D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1482323340.000001FD070E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323370250.000001FD07727000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000010.00000003.1378898265.000001FD0F2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493141016.000001FD0F2E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000010.00000003.1378898265.000001FD0F2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493141016.000001FD0F2E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000010.00000003.1378898265.000001FD0F2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493141016.000001FD0F2E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 00000010.00000003.1378898265.000001FD0F2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493141016.000001FD0F2E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000010.00000003.1378898265.000001FD0F2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493141016.000001FD0F2E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E14D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://amazon.com
Source: firefox.exe, 00000010.00000003.1476296348.000001FD0E027000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://amazon.com/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000010.00000003.1377779107.000001FD1043A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380118807.000001FD0DABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1478649285.000001FD0DABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000010.00000003.1489037445.000001FD1043A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000010.00000003.1378100167.000001FD10428000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1479342729.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1499440460.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1470933224.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380270778.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1379185189.000001FD0DF75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1470885296.000001FD10428000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378132261.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493632244.000001FD0DF6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1477581768.000001FD0DF75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1494633856.000001FD0D953000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000010.00000003.1502424466.000001FD7E6B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2501827173.000001B3917E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED601E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2504961449.0000022569303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.16.dr String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: firefox.exe, 00000010.00000003.1502424466.000001FD7E6B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2501827173.000001B3917E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED601E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2504961449.0000022569303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.16.dr String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: firefox.exe, 00000010.00000003.1376512189.000001FD11685000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000010.00000003.1356116307.000001FD05B2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 00000010.00000003.1356116307.000001FD05B2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 00000010.00000003.1356116307.000001FD05B2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1354536848.000001FD0EFFB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000010.00000003.1356116307.000001FD05B2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 00000010.00000003.1356116307.000001FD05B2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 00000010.00000003.1380118807.000001FD0DA84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000010.00000003.1380118807.000001FD0DA84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000010.00000003.1380118807.000001FD0DA84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000010.00000003.1380118807.000001FD0DA84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 00000010.00000003.1356116307.000001FD05B2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000010.00000003.1392564000.000001FD0686B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1482552841.000001FD06863000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 00000010.00000003.1356116307.000001FD05B2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 00000010.00000003.1356116307.000001FD05B2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1354536848.000001FD0EFFB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 00000010.00000003.1356116307.000001FD05B2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1354536848.000001FD0EFFB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000010.00000003.1285794356.000001FD05340000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1286072133.000001FD0537F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285484262.000001FD05100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285645469.000001FD05321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285928088.000001FD05360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000010.00000003.1328148477.000001FD0E0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1501440997.000001FD0E14A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493539123.000001FD0E142000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 00000010.00000003.1328148477.000001FD0E0E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 00000010.00000003.1475462037.000001FD0E091000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000010.00000003.1502424466.000001FD7E6B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2501827173.000001B3917E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED601E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2504961449.0000022569303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.16.dr String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: firefox.exe, 00000010.00000003.1502424466.000001FD7E6B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2501827173.000001B3917E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED601E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2504961449.0000022569303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.16.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000010.00000003.1493803889.000001FD0DF5E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000010.00000003.1493803889.000001FD0DF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1379185189.000001FD0DFAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1490206799.000001FD0DFAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000010.00000003.1355659626.000001FD0EFFB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFDA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 00000010.00000003.1333605576.000001FD06828000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000010.00000003.1475462037.000001FD0E0A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1338294629.000001FD06953000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285645469.000001FD05321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285928088.000001FD05360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000010.00000003.1379185189.000001FD0DF75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: firefox.exe, 00000010.00000003.1317032272.000001FD0DBE3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 00000010.00000003.1288950495.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1287469467.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1288676964.000001FD02B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000010.00000003.1288950495.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1287469467.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1288676964.000001FD02B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000019.00000002.2501476893.0000022569113000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000010.00000003.1324541866.000001FD0F37B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1325262894.000001FD0F3FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000010.00000003.1325262894.000001FD0F395000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1325712911.000001FD0F3A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1324541866.000001FD0F37B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000010.00000003.1489037445.000001FD1043A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 00000010.00000003.1469758973.000001FD108A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1470238302.000001FD10836000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
Source: firefox.exe, 00000010.00000003.1470354481.000001FD10479000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1489037445.000001FD10479000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1377779107.000001FD10479000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.comX
Source: firefox.exe, 00000010.00000003.1467248094.000001FD7EF89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1375857274.000001FD7EF89000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000019.00000002.2501476893.0000022569113000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED601C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.00000225691C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED601C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.00000225691C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1481046835.000001FD07ABD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1386312487.000001FD07ABD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED6012F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.0000022569130000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10890000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10890000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10890000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10890000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10890000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED601C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.00000225691C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10890000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000010.00000003.1501808094.000001FD0DCE4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED601C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.00000225691C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 00000010.00000003.1329464627.000001FD0F3D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000010.00000003.1405487078.000001FD0DB13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000010.00000003.1405487078.000001FD0DB13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000010.00000003.1285794356.000001FD05340000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285484262.000001FD05100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285645469.000001FD05321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285928088.000001FD05360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000010.00000003.1470354481.000001FD104DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1489037445.000001FD104DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1377779107.000001FD104DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1498814148.000001FD104DA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 00000010.00000003.1380118807.000001FD0DA84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000010.00000003.1380118807.000001FD0DA84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com
Source: firefox.exe, 00000010.00000003.1476296348.000001FD0E027000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: firefox.exe, 00000010.00000003.1380118807.000001FD0DA84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000010.00000003.1355659626.000001FD0EFFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1436423503.000001FD05760000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000010.00000003.1498255105.000001FD11685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD11685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1376512189.000001FD11685000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 00000010.00000003.1390104629.000001FD07004000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000010.00000003.1498255105.000001FD11685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD11685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1376512189.000001FD11685000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 00000010.00000003.1498255105.000001FD11685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD11685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1376512189.000001FD11685000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 00000010.00000003.1498255105.000001FD11685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD11685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1376512189.000001FD11685000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 00000010.00000003.1498255105.000001FD11685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD11685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1376512189.000001FD11685000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: prefs-1.js.16.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: firefox.exe, 00000010.00000003.1378898265.000001FD0F2BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000019.00000002.2501476893.00000225691F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000010.00000003.1383406000.000001FD07E18000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/ed8f7c92-2296-4c7d-a2c0-72fa4
Source: firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000010.00000003.1493539123.000001FD0E14D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1489693296.000001FD0E14D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 00000010.00000003.1329062120.000001FD05DC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000010.00000003.1491353975.000001FD08B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1322770443.000001FD08B33000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000010.00000003.1491353975.000001FD08B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1322770443.000001FD08B33000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000010.00000003.1355659626.000001FD0EFFB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 00000010.00000003.1288950495.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1287469467.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1288676964.000001FD02B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000010.00000003.1288950495.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1287469467.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1288676964.000001FD02B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000010.00000003.1288950495.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1287469467.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1288676964.000001FD02B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000010.00000003.1455845256.000001FD06A30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mathiasbynens.be/
Source: firefox.exe, 00000010.00000003.1455845256.000001FD06A30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: firefox.exe, 00000010.00000003.1455845256.000001FD06A30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mathiasbynens.be/notes/javascript-escapes#single
Source: firefox.exe, 00000017.00000002.2499865239.000001ED60186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.000002256918F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000010.00000003.1333605576.000001FD06837000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mochitest.youtube.com/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000010.00000003.1455845256.000001FD06A30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mths.be/jsesc
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ok.ru/
Source: firefox.exe, 00000010.00000003.1288950495.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1287469467.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1288676964.000001FD02B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000010.00000003.1333605576.000001FD06837000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://play.hbomax.com/page/
Source: firefox.exe, 00000010.00000003.1333605576.000001FD06837000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://play.hbomax.com/player/
Source: firefox.exe, 00000010.00000003.1288950495.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1287469467.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1288676964.000001FD02B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000010.00000003.1288950495.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1287469467.000001FD02B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1288676964.000001FD02B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s4
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000010.00000003.1377779107.000001FD1043A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497207382.000001FD116B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1376395400.000001FD116B9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 00000010.00000003.1475462037.000001FD0E0E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000010.00000003.1499440460.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1470933224.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378132261.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000010.00000003.1499440460.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1470933224.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378132261.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000010.00000003.1499440460.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1470933224.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378132261.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000010.00000003.1499440460.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1470933224.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378132261.000001FD0F5ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000010.00000003.1285928088.000001FD05360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000010.00000003.1333605576.000001FD06828000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000010.00000003.1390210459.000001FD06BB7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000010.00000003.1380118807.000001FD0DA84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1379126043.000001FD0DFD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1477001347.000001FD0DFD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1490078535.000001FD0DFD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000017.00000002.2499865239.000001ED60112000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.0000022569113000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000019.00000002.2501476893.0000022569113000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/CN=The
Source: firefox.exe, 00000010.00000003.1378636100.000001FD0F59D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000010.00000003.1326075646.000001FD7FD78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED60186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.00000225691F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000010.00000003.1327437796.000001FD0F59D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1472142075.000001FD0F59D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378636100.000001FD0F59D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000010.00000003.1325262894.000001FD0F395000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000010.00000003.1481046835.000001FD07AB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1386312487.000001FD07AB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000010.00000003.1390146379.000001FD06BF9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 00000010.00000003.1375857274.000001FD7EFF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1466899884.000001FD7EFF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 00000010.00000003.1448127617.000001FD07D93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1402098827.000001FD07D93000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 00000010.00000003.1480026988.000001FD08B37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1322770443.000001FD08B37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1491353975.000001FD08B37000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 00000010.00000003.1474695727.000001FD0E1E6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000010.00000003.1477581768.000001FD0DF75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vk.com/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFD8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000010.00000003.1494530147.000001FD0DA3E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000010.00000003.1424534118.000001FD0DB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1405487078.000001FD0DB34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E140000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E140000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E14D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000010.00000003.1477581768.000001FD0DF75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000010.00000003.1502424466.000001FD7E6B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2501827173.000001B3917E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED601E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2504961449.0000022569303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.16.dr String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: firefox.exe, 00000010.00000003.1285794356.000001FD05340000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1286072133.000001FD0537F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285484262.000001FD05100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378636100.000001FD0F591000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1343278587.000001FD06953000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1472142075.000001FD0F591000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1345515663.000001FD06952000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1393867713.000001FD06940000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1341213409.000001FD06953000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1338294629.000001FD06953000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285645469.000001FD05321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285928088.000001FD05360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000010.00000003.1328148477.000001FD0E091000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E140000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E140000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E14D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000010.00000003.1479342729.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380270778.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E14D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000010.00000003.1479342729.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380270778.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000010.00000003.1396788194.000001FD02D8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1394180155.000001FD02D70000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.16.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000010.00000003.1479342729.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380270778.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E140000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 00000010.00000003.1479342729.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380270778.000001FD0D951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1466741065.000001FD7FD46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1372771827.000001FD7FD38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000010.00000003.1328148477.000001FD0E0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1317440758.000001FD0DD1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1317966470.000001FD0DD5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000010.00000003.1379185189.000001FD0DFAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285645469.000001FD05321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285928088.000001FD05360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000010.00000003.1474695727.000001FD0E1BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285645469.000001FD05321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1285928088.000001FD05360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000010.00000003.1376905169.000001FD10890000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 00000010.00000003.1333605576.000001FD06837000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.hulu.com/watch/
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E14D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000010.00000003.1333605576.000001FD06837000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.instagram.com/
Source: firefox.exe, 00000010.00000003.1502424466.000001FD7E6B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2501827173.000001B3917E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED601E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2504961449.0000022569303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.16.dr String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E14D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E14D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000010.00000003.1478736729.000001FD0DAB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1494357896.000001FD0DAB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1475273334.000001FD0E19D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1372771827.000001FD7FDB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1326075646.000001FD7FDB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1327437796.000001FD0F59D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1472142075.000001FD0F59D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1465628917.000001FD7FDB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493236539.000001FD0E18C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378636100.000001FD0F59D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1491065310.000001FD0DAB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380118807.000001FD0DAB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378785837.000001FD0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E140000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1321176863.000001FD0F586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378636100.000001FD0F581000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493539123.000001FD0E142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1327938323.000001FD0F587000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 00000010.00000003.1325262894.000001FD0F395000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1325712911.000001FD0F3A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1324541866.000001FD0F37B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1325262894.000001FD0F3FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 00000010.00000003.1390146379.000001FD06BF9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 00000010.00000003.1489037445.000001FD1043A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1462776047.000037B909704000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.16.dr String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 00000010.00000003.1462776047.000037B909704000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Z
Source: firefox.exe, 00000010.00000003.1474695727.000001FD0E1E6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: firefox.exe, 00000010.00000003.1390146379.000001FD06BF9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000019.00000002.2501476893.00000225691F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000010.00000003.1469914787.000001FD10890000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000015.00000002.2505386317.000001B391800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2503054990.000001ED60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2500265925.0000022568EA0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000015.00000002.2501827173.000001B3917C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/G
Source: firefox.exe, 00000010.00000003.1502584260.000001FD7E65B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1467852220.000001FD7E65B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/J
Source: firefox.exe, 00000010.00000003.1501698760.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1493851706.000001FD0DF0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000010.00000003.1491353975.000001FD08B33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1322770443.000001FD08B33000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E140000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000010.00000003.1477581768.000001FD0DF75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFD8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.sling.com/
Source: firefox.exe, 00000010.00000003.1463006647.00001E7CC1C03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1485239716.000001FD06656000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1378898265.000001FD0F29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1356079033.000001FD0EFA7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 00000010.00000003.1489693296.000001FD0E140000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000010.00000003.1474695727.000001FD0E1F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2499865239.000001ED6010A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2501476893.000002256910C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000010.00000003.1323370250.000001FD0774A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000010.00000003.1379003546.000001FD0DFE9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 00000010.00000003.1481917587.000001FD07866000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com
Source: firefox.exe, 00000010.00000003.1494357896.000001FD0DABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1481653699.000001FD0788D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1388843748.000001FD0788D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1380118807.000001FD0DABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1478649285.000001FD0DABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/
Source: recovery.jsonlz4.tmp.16.dr String found in binary or memory: https://youtube.com/account?=
Source: firefox.exe, 00000019.00000002.2500499486.0000022568EE0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=ht
Source: firefox.exe, 00000015.00000002.2500170307.000001B39156A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounI
Source: firefox.exe, 00000010.00000003.1494633856.000001FD0D953000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2500170307.000001B39156A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2500644814.000001B3915C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2504040206.000001ED602C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2498368201.000001ED5FF4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2498368201.000001ED5FF40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2500499486.0000022568EE4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2498994165.0000022568D5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000E.00000002.1267946102.0000023A88F3F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1275457663.000002512A3CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 00000019.00000002.2498994165.0000022568D5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdF
Source: firefox.exe, 00000015.00000002.2500644814.000001B3915C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.2500170307.000001B391560000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2504040206.000001ED602C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2498368201.000001ED5FF40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2500499486.0000022568EE4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2498994165.0000022568D50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
Source: firefox.exe, 00000019.00000002.2498994165.0000022568D50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdR
Source: firefox.exe, 00000015.00000002.2500170307.000001B391560000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdd
Source: firefox.exe, 00000015.00000002.2500170307.000001B39156A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdp
Source: firefox.exe, 00000017.00000002.2504040206.000001ED602C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=ht~
Source: firefox.exe, 00000010.00000003.1481653699.000001FD0788D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1388843748.000001FD0788D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/var(--focus-outline)
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49790 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49788 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.7:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49798 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49801 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49868 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49871 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49870 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49869 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49867 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49866 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49874 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49875 version: TLS 1.2
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_00A7EAFF
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_00A7ED6A
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_00A7EAFF
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, 0_2_00A6AA57
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A99576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_00A99576

System Summary
barindex
Binary is likely a compiled AutoIt script file
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1236121766.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_2f517f55-b
Source: file.exe, 00000000.00000000.1236121766.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_36942ef1-3
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_1460a83d-1
Source: file.exe String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_abbf59b3-8
Contains functionality to call native functions
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 23_2_000001ED602AA637 NtQuerySystemInformation, 23_2_000001ED602AA637
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 23_2_000001ED60846632 NtQuerySystemInformation, 23_2_000001ED60846632
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6D5EB: CreateFileW,DeviceIoControl,CloseHandle, 0_2_00A6D5EB
Contains functionality to launch a process as a different user
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A61201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00A61201
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 0_2_00A6E8F6
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A08060 0_2_00A08060
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A72046 0_2_00A72046
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A68298 0_2_00A68298
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3E4FF 0_2_00A3E4FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3676B 0_2_00A3676B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A94873 0_2_00A94873
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2CAA0 0_2_00A2CAA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A0CAF0 0_2_00A0CAF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1CC39 0_2_00A1CC39
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A36DD9 0_2_00A36DD9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A091C0 0_2_00A091C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1B119 0_2_00A1B119
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A21394 0_2_00A21394
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A21706 0_2_00A21706
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2781B 0_2_00A2781B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A219B0 0_2_00A219B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A07920 0_2_00A07920
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1997D 0_2_00A1997D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A27A4A 0_2_00A27A4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A27CA7 0_2_00A27CA7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A21C77 0_2_00A21C77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A39EEE 0_2_00A39EEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8BE44 0_2_00A8BE44
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A21F32 0_2_00A21F32
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 23_2_000001ED602AA637 23_2_000001ED602AA637
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 23_2_000001ED60846632 23_2_000001ED60846632
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 23_2_000001ED60846672 23_2_000001ED60846672
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 23_2_000001ED60846D5C 23_2_000001ED60846D5C
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00A09CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00A1F9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00A20A30 appears 46 times
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal72.troj.evad.winEXE@34/34@66/12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A737B5 GetLastError,FormatMessageW, 0_2_00A737B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A610BF AdjustTokenPrivileges,CloseHandle, 0_2_00A610BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A616C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 0_2_00A616C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A751CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 0_2_00A751CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 0_2_00A6D4DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, 0_2_00A7648E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A042A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 0_2_00A042A2
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246 Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7272:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7628:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7408:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7536:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user~1\AppData\Local\Temp\firefox Jump to behavior
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: firefox.exe, 00000010.00000003.1469758973.000001FD1089C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1376512189.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1379344256.000001FD0DCB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497926760.000001FD116AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000010.00000003.1376512189.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497926760.000001FD116AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000010.00000003.1376512189.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497926760.000001FD116AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000010.00000003.1376512189.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497926760.000001FD116AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000010.00000003.1379344256.000001FD0DCB5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 00000010.00000003.1376512189.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497926760.000001FD116AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000010.00000003.1376512189.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497926760.000001FD116AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000010.00000003.1376512189.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497926760.000001FD116AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 00000010.00000003.1376512189.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497926760.000001FD116AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000010.00000003.1376512189.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1469113934.000001FD116A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1497926760.000001FD116AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: file.exe Virustotal: Detection: 37%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {343c6f86-1b5f-473e-9dba-35b770c7833f} 7776 "\\.\pipe\gecko-crash-server-pipe.7776" 1fd7576dd10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3016 -parentBuildID 20230927232528 -prefsHandle 3060 -prefMapHandle 2996 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2796a079-c3f2-485a-9277-415ee10c3b63} 7776 "\\.\pipe\gecko-crash-server-pipe.7776" 1fd05fc6e10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5180 -prefMapHandle 5176 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99b798a6-e00b-468f-8fbe-32fc4b2fef5c} 7776 "\\.\pipe\gecko-crash-server-pipe.7776" 1fd0f5fab10 utility
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {343c6f86-1b5f-473e-9dba-35b770c7833f} 7776 "\\.\pipe\gecko-crash-server-pipe.7776" 1fd7576dd10 socket Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5180 -prefMapHandle 5176 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99b798a6-e00b-468f-8fbe-32fc4b2fef5c} 7776 "\\.\pipe\gecko-crash-server-pipe.7776" 1fd0f5fab10 utility Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3016 -parentBuildID 20230927232528 -prefsHandle 3060 -prefMapHandle 2996 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2796a079-c3f2-485a-9277-415ee10c3b63} 7776 "\\.\pipe\gecko-crash-server-pipe.7776" 1fd05fc6e10 rdd Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5180 -prefMapHandle 5176 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99b798a6-e00b-468f-8fbe-32fc4b2fef5c} 7776 "\\.\pipe\gecko-crash-server-pipe.7776" 1fd0f5fab10 utility Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.16.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 00000010.00000003.1401733187.000001FD02D9F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000010.00000003.1399175024.000001FD02DAE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000010.00000003.1401143858.000001FD02DA8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000010.00000003.1401733187.000001FD02D9F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000010.00000003.1399175024.000001FD02DAE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 00000010.00000003.1399808659.000001FD02DA0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.16.dr
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000010.00000003.1401143858.000001FD02DA8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000010.00000003.1399808659.000001FD02DA0000.00000004.00000020.00020000.00000000.sdmp
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00A042DE
PE file contains sections with non-standard names
Source: gmpopenh264.dll.tmp.16.dr Static PE information: section name: .rodata
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A20A76 push ecx; ret 0_2_00A20A89
Drops PE files
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) Jump to dropped file
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_00A1F98E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A91C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_00A91C41
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Found API chain indicative of sandbox detection
Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 23_2_000001ED602AA637 rdtsc 23_2_000001ED602AA637
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\file.exe API coverage: 3.6 %
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00A6DBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3C2A2 FindFirstFileExW, 0_2_00A3C2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A768EE FindFirstFileW,FindClose, 0_2_00A768EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_00A7698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00A6D076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00A6D3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A79642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00A79642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00A7979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A79B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00A79B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A75C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00A75C97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00A042DE
Source: firefox.exe, 00000015.00000002.2506786044.000001B391D40000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
Source: firefox.exe, 00000015.00000002.2500170307.000001B39156A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2504507482.000001ED60730000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2504674840.0000022569200000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2498994165.0000022568D5A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000015.00000002.2505713790.000001B391921000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000017.00000002.2498368201.000001ED5FF4A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWPns`
Source: firefox.exe, 00000015.00000002.2500170307.000001B39156A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
Source: firefox.exe, 00000015.00000002.2506786044.000001B391D40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2504507482.000001ED60730000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 23_2_000001ED602AA637 rdtsc 23_2_000001ED602AA637
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7EAA2 BlockInput, 0_2_00A7EAA2
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A32622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00A32622
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00A042DE
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A24CE8 mov eax, dword ptr fs:[00000030h] 0_2_00A24CE8
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A60B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00A60B62
Enables debug privileges
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A32622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00A32622
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00A2083F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A209D5 SetUnhandledExceptionFilter, 0_2_00A209D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A20C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00A20C21
Contains functionality to execute programs as a different user
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A61201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00A61201
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A42BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00A42BA5
Contains functionality to simulate keystroke presses
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6B226 SendInput,keybd_event, 0_2_00A6B226
Contains functionality to simulate mouse events
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A822DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, 0_2_00A822DA
Uses taskkill to terminate processes
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A60B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00A60B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A61663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_00A61663
Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe Binary or memory string: Shell_TrayWnd
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A20698 cpuid 0_2_00A20698
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A78195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW, 0_2_00A78195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5D27A GetUserNameW, 0_2_00A5D27A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free, 0_2_00A3B952
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00A042DE

Stealing of Sensitive Information
barindex
Yara detected Credential Flusher
Source: Yara match File source: 00000000.00000003.1296873839.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1236545654.0000000000F64000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 7248, type: MEMORYSTR
OS version to string mapping found (often used in BOTs)
Source: file.exe Binary or memory string: WIN_81
Source: file.exe Binary or memory string: WIN_XP
Source: file.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe Binary or memory string: WIN_XPe
Source: file.exe Binary or memory string: WIN_VISTA
Source: file.exe Binary or memory string: WIN_7
Source: file.exe Binary or memory string: WIN_8

Remote Access Functionality
barindex
Yara detected Credential Flusher
Source: Yara match File source: 00000000.00000003.1296873839.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1236545654.0000000000F64000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 7248, type: MEMORYSTR
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A81204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_00A81204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A81806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_00A81806
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1562044 Sample: file.exe Startdate: 25/11/2024 Architecture: WINDOWS Score: 72 45 youtube.com 2->45 47 youtube-ui.l.google.com 2->47 49 34 other IPs or domains 2->49 57 Multi AV Scanner detection for submitted file 2->57 59 Yara detected Credential Flusher 2->59 61 Binary is likely a compiled AutoIt script file 2->61 63 2 other signatures 2->63 8 file.exe 2->8         started        11 firefox.exe 1 2->11         started        signatures3 process4 signatures5 65 Binary is likely a compiled AutoIt script file 8->65 67 Found API chain indicative of sandbox detection 8->67 13 taskkill.exe 1 8->13         started        15 taskkill.exe 1 8->15         started        17 taskkill.exe 1 8->17         started        23 3 other processes 8->23 19 firefox.exe 3 203 11->19         started        process6 dnsIp7 25 conhost.exe 13->25         started        27 conhost.exe 15->27         started        29 conhost.exe 17->29         started        51 youtube.com 142.250.181.78, 443, 49708, 49709 GOOGLEUS United States 19->51 53 prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49706, 49715, 49718 GOOGLEUS United States 19->53 55 10 other IPs or domains 19->55 41 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 19->41 dropped 43 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 19->43 dropped 31 firefox.exe 1 19->31         started        33 firefox.exe 1 19->33         started        35 firefox.exe 1 19->35         started        37 conhost.exe 23->37         started        39 conhost.exe 23->39         started        file8 process9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
34.149.100.209
 prod.remote-settings.prod.webservices.mozgcp.net United States
2686 ATGS-MMD-ASUS false
34.107.243.93
 push.services.mozilla.com United States
15169 GOOGLEUS false
34.107.221.82
 prod.detectportal.prod.cloudops.mozgcp.net United States
15169 GOOGLEUS false
35.244.181.201
 prod.balrog.prod.cloudops.mozgcp.net United States
15169 GOOGLEUS false
34.117.188.166
 contile.services.mozilla.com United States
139070 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG false
151.101.193.91
 services.addons.mozilla.org United States
54113 FASTLYUS false
35.201.103.21
 normandy-cdn.services.mozilla.com United States
15169 GOOGLEUS false
35.190.72.216
 prod.classify-client.prod.webservices.mozgcp.net United States
15169 GOOGLEUS false
142.250.181.78
 youtube.com United States
15169 GOOGLEUS false
34.160.144.191
 prod.content-signature-chains.prod.webservices.mozgcp.net United States
2686 ATGS-MMD-ASUS false
34.120.208.123
 telemetry-incoming.r53-2.services.mozilla.com United States
15169 GOOGLEUS false

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
example.org 93.184.215.14 true
star-mini.c10r.facebook.com 157.240.196.35 true
prod.classify-client.prod.webservices.mozgcp.net 35.190.72.216 true
prod.balrog.prod.cloudops.mozgcp.net 35.244.181.201 true
twitter.com 104.244.42.193 true
prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82 true
services.addons.mozilla.org 151.101.193.91 true
dyna.wikimedia.org 185.15.58.224 true
prod.remote-settings.prod.webservices.mozgcp.net 34.149.100.209 true
contile.services.mozilla.com 34.117.188.166 true
youtube.com 142.250.181.78 true
prod.content-signature-chains.prod.webservices.mozgcp.net 34.160.144.191 true
youtube-ui.l.google.com 172.217.17.78 true
us-west1.prod.sumo.prod.webservices.mozgcp.net 34.149.128.2 true
reddit.map.fastly.net 151.101.129.140 true
ipv4only.arpa 192.0.0.170 true
prod.ads.prod.webservices.mozgcp.net 34.117.188.166 true
push.services.mozilla.com 34.107.243.93 true
normandy-cdn.services.mozilla.com 35.201.103.21 true
telemetry-incoming.r53-2.services.mozilla.com 34.120.208.123 true
www.reddit.com unknown unknown
spocs.getpocket.com unknown unknown
content-signature-2.cdn.mozilla.net unknown unknown
support.mozilla.org unknown unknown
firefox.settings.services.mozilla.com unknown unknown
www.youtube.com unknown unknown
www.facebook.com unknown unknown
detectportal.firefox.com unknown unknown
normandy.cdn.mozilla.net unknown unknown
shavar.services.mozilla.com unknown unknown
www.wikipedia.org unknown unknown