Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562274
MD5: da7a7d753dee0257505654e753e7adea
SHA1: 8b7f1ea501592bd3f6bed17ca62cba63a8994b4e
SHA256: 7ecf97ea56c6f1f39674123ccede879e5482470477abe7947f1dbb7dcc83efdf
Tags: exeuser-Bitsight
Infos:

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 28%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 96.8% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49791 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.5:49794 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49803 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49802 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49868 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49869 version: TLS 1.2
Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2194715379.000002B450BC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2231503323.000002B4421C7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2231503323.000002B4421C7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2231116039.000002B4421BD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2230031110.000002B4421BD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2194715379.000002B450BC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2231116039.000002B4421BD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2230031110.000002B4421BD000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_007FDBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007CC2A2 FindFirstFileExW, 0_2_007CC2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008068EE FindFirstFileW,FindClose, 0_2_008068EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_0080698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_007FD076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_007FD3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00809642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00809642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_0080979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00809B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00809B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00805C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00805C97
Source: firefox.exe Memory has grown: Private usage: 1MB later: 219MB
Connects to many different domains
Source: unknown Network traffic detected: DNS query count 31
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View IP Address: 151.101.65.91 151.101.65.91
Source: Joe Sandbox View IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View IP Address: 34.160.144.191 34.160.144.191
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080CE44 InternetReadFile,SetEvent,GetLastError,SetEvent, 0_2_0080CE44
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 0000000E.00000003.2171751527.000002B446BD7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2316801081.000002B44435F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2240623382.000002B4503F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240623382.000002B4503C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2328268674.000002B4503F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2328106241.000002B450751000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2284331721.000002B44CED9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2284331721.000002B44CED9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2240623382.000002B4503F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240623382.000002B4503C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2303942515.000002B44689C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2328106241.000002B450751000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2307697408.000002B44649B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2307697408.000002B44649B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2284331721.000002B44CED9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2284331721.000002B44CED9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2332691298.000002B44C874000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306200989.000002B44C85C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DF0A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2332691298.000002B44C874000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306200989.000002B44C85C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DF0A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2332691298.000002B44C874000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306200989.000002B44C85C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DF0A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2332691298.000002B44C874000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306200989.000002B44C85C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/8 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2332691298.000002B44C874000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306200989.000002B44C85C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/8 equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2332691298.000002B44C874000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306200989.000002B44C85C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/8 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000012.00000002.3355582123.00000208D320C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.3355582123.00000208D320C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.twitter.com (Twitter)
Source: firefox.exe, 00000012.00000002.3355582123.00000208D320C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2240219569.000002B450697000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297333753.000002B45069C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2240623382.000002B4503F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240623382.000002B4503C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329448993.000002B45023F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2328106241.000002B450751000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2329448993.000002B45023F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290470632.000002B45023F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2310284139.000002B4460C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284331721.000002B44CEDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310284139.000002B4460A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: youtube.com
Source: global traffic DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: example.org
Source: global traffic DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: www.youtube.com
Source: global traffic DNS traffic detected: DNS query: www.facebook.com
Source: global traffic DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic DNS traffic detected: DNS query: www.reddit.com
Source: global traffic DNS traffic detected: DNS query: twitter.com
Source: global traffic DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2292602245.000002B44C788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 0000000E.00000003.2325034010.000002B44C83E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 0000000E.00000003.2325034010.000002B44C83E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 0000000E.00000003.2325034010.000002B44C83E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 0000000E.00000003.2325034010.000002B44C83E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2196507595.000002B44219F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 0000000E.00000003.2200766151.000002B442186000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231189612.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230130844.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230602690.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199687626.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201540601.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226572078.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2200165072.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232431821.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229228568.000002B44217B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 0000000E.00000003.2200766151.000002B442186000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231189612.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230130844.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230602690.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199687626.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201540601.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226572078.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2194987947.000002B4421A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2200165072.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232431821.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198528045.000002B44217A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229228568.000002B44217B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 0000000E.00000003.2246269756.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269756730.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287253606.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143800189.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2182005715.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 0000000E.00000003.2193755446.000002B44219B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2193202309.000002B44218E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.mi
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 0000000E.00000003.2200766151.000002B442186000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231189612.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230130844.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230602690.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199687626.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201540601.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226572078.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2200165072.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232431821.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229228568.000002B44217B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2196507595.000002B44219F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 0000000E.00000003.2200766151.000002B442186000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231189612.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230130844.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230602690.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199687626.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201540601.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226572078.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2194987947.000002B4421A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2200165072.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232431821.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198528045.000002B44217A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229228568.000002B44217B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2196507595.000002B44219F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 0000000E.00000003.2283690331.000002B450970000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000000E.00000003.2302586428.000002B446BE7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 0000000E.00000003.2292134746.000002B44C7D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290311578.000002B450970000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240065053.000002B450970000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2283690331.000002B450970000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306200989.000002B44C85C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000000E.00000003.2326507630.000002B4508FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000000E.00000003.2326507630.000002B4508FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000000E.00000003.2239115706.000002B4514DA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv60
Source: firefox.exe, 0000000E.00000003.2192039854.000002B43B868000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2193400717.000002B43B868000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2192155014.000002B43B86A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2192637081.000002B43B86B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191231752.000002B43B869000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://en.w
Source: firefox.exe, 0000000E.00000003.2323574684.000002B44CEA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 0000000E.00000003.2323574684.000002B44CEA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 0000000E.00000003.2323574684.000002B44CEA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 0000000E.00000003.2255663677.000002B446944000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.o
Source: firefox.exe, 0000000E.00000003.2323574684.000002B44CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2256329693.000002B4466C5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org
Source: firefox.exe, 0000000E.00000003.2317049010.000002B442441000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 0000000E.00000003.2241558282.000002B44C9E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2144403748.000002B4450C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255138741.000002B4450C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317049010.000002B44244C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2293551860.000002B442B66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257606640.000002B446D45000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2285980113.000002B44C968000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2314399836.000002B4457A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311235999.000002B4458E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171339305.000002B44C9A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2315549476.000002B445145000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301761978.000002B44815F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2144403748.000002B4450E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2276646089.000002B448157000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249797737.000002B4447F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2142998269.000002B445A28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CAB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288873338.000002B446E11000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241886174.000002B44C957000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295080503.000002B445A30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2281175923.000002B445A26000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 0000000E.00000003.2200766151.000002B442186000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231189612.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230130844.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230602690.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199687626.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201540601.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226572078.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2196507595.000002B44219F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2200165072.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232431821.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229228568.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 0000000E.00000003.2200766151.000002B442186000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231189612.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230130844.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230602690.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199687626.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201540601.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226572078.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2194987947.000002B4421A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2200165072.000002B442185000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232431821.000002B44217B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198528045.000002B44217A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229228568.000002B44217B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 0000000E.00000003.2246269756.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269756730.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287253606.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143800189.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2182005715.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 0000000E.00000003.2171339305.000002B44C9B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241613776.000002B44C9B9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 0000000E.00000003.2171339305.000002B44C9B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241613776.000002B44C9B9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.o.lencr.org0
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 0000000E.00000003.2246269756.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269756730.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287253606.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143800189.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2182005715.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 0000000E.00000003.2246269756.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269756730.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287253606.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143800189.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2182005715.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: gmpopenh264.dll.tmp.14.dr String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 0000000E.00000003.2325981079.000002B448DBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 0000000E.00000003.2325034010.000002B44C83E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 0000000E.00000003.2317049010.000002B44244C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2315549476.000002B445145000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295976631.000002B45143F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2315791345.000002B445124000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311599270.000002B4458A7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000000E.00000003.2311599270.000002B4458A7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
Source: firefox.exe, 00000011.00000003.2158607190.000001D11EBFD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3360486907.000001D11EBFD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2154683493.000001D11EBFD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2155687220.000001D11EBFD000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.14.dr String found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 0000000E.00000003.2171339305.000002B44C9B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241613776.000002B44C9B9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 0000000E.00000003.2171339305.000002B44C9B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241613776.000002B44C9B9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000000E.00000003.2285149330.000002B44CDF1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 0000000E.00000003.2134652698.000002B444A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134958560.000002B442B38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135276847.000002B442B6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135108892.000002B442B53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134808923.000002B442B1D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 0000000E.00000003.2242759436.000002B448360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 0000000E.00000003.2275219247.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275982106.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329209649.000002B4502A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 0000000E.00000003.2300844775.000002B44C8D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000000E.00000003.2158244889.000002B4473EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336738226.000002B4473EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 0000000E.00000003.2242042947.000002B44C923000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2268833828.000002B447761000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000000E.00000003.2329448993.000002B45023F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290470632.000002B45023F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 0000000E.00000003.2329448993.000002B45023F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290470632.000002B45023F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 0000000E.00000003.2329448993.000002B45023F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290470632.000002B45023F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 0000000E.00000003.2329448993.000002B45023F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290470632.000002B45023F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 0000000E.00000003.2329448993.000002B45023F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290470632.000002B45023F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 0000000E.00000003.2304415573.000002B44682D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 0000000E.00000003.2310284139.000002B4460C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310284139.000002B4460A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171751527.000002B446BD7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 0000000E.00000003.2290682768.000002B44CE4F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://amazon.com/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000000E.00000003.2290470632.000002B45023F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 0000000E.00000003.2290470632.000002B45023F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000000E.00000003.2240623382.000002B4503B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000000E.00000003.2240623382.000002B4503B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000000E.00000003.2240883449.000002B45035E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2303227491.000002B446B6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292602245.000002B44C788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297595056.000002B45035B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332105139.000002B44CD0D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000010.00000002.3356801021.0000019AD12C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DFE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3359612979.00000208D3506000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: firefox.exe, 00000010.00000002.3356801021.0000019AD12C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DFE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3359612979.00000208D3506000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: firefox.exe, 0000000E.00000003.2290470632.000002B45020B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000000E.00000003.2179719065.000002B445E94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
Source: firefox.exe, 0000000E.00000003.2179542558.000002B445EB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2181298311.000002B445F0F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 0000000E.00000003.2179510649.000002B445EBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2181298311.000002B445F0F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 0000000E.00000003.2180017444.000002B445EAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2181039845.000002B445EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179719065.000002B445E94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2180067363.000002B445E97000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 0000000E.00000003.2181039845.000002B445EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179941760.000002B445E7B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 0000000E.00000003.2181298311.000002B445F0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179542558.000002B445EAF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 0000000E.00000003.2179510649.000002B445EBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2181298311.000002B445F0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179719065.000002B445E85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179719065.000002B445E94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 0000000E.00000003.2288909287.000002B446A7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 0000000E.00000003.2181298311.000002B445F0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179542558.000002B445EAF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 0000000E.00000003.2179719065.000002B445E94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 0000000E.00000003.2181039845.000002B445EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179719065.000002B445E94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2180067363.000002B445E97000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 0000000E.00000003.2181039845.000002B445EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179941760.000002B445E7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179719065.000002B445E94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000000E.00000003.2134652698.000002B444A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134958560.000002B442B38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135997717.000002B442B8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135276847.000002B442B6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135108892.000002B442B53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134808923.000002B442B1D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000E.00000003.2307817520.000002B446487000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 0000000E.00000003.2332105139.000002B44CD0D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000010.00000002.3356801021.0000019AD12C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DFE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3359612979.00000208D3506000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000010.00000002.3356801021.0000019AD12C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DFE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3359612979.00000208D3506000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 0000000E.00000003.2332046112.000002B44CD16000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2332046112.000002B44CD16000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2314940985.000002B4453F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2154015259.000002B44CA35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000000E.00000003.2181679689.000002B445E92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2338329100.000002B446FBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278673346.000002B446FAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292680602.000002B4471B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: firefox.exe, 0000000E.00000003.2350862863.000002B446A09000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2154015259.000002B44CA35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 0000000E.00000003.2134652698.000002B444A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134958560.000002B442B38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135276847.000002B442B6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135108892.000002B442B53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257606640.000002B446D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134808923.000002B442B1D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000000E.00000003.2283690331.000002B450970000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: firefox.exe, 0000000E.00000003.2246269756.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269756730.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2267131100.000002B441D6E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287253606.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143800189.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2182005715.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2267131100.000002B441D6E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000000E.00000003.2300844775.000002B44C88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329738977.000002B44EE62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323136150.000002B44EE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DF12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3355582123.00000208D3213000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000E.00000003.2174358776.000002B446D79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2161460880.000002B446706000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159515345.000002B446709000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2161441513.000002B446717000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000000E.00000003.2240623382.000002B4503B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2240623382.000002B4503B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2328671490.000002B45038F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240623382.000002B4503F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240065053.000002B450961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290311578.000002B450961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2328268674.000002B4503F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2283690331.000002B450961000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000000E.00000003.2300844775.000002B44C88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329738977.000002B44EE62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323136150.000002B44EE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DF12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3355582123.00000208D3213000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000012.00000002.3355582123.00000208D32C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000012.00000002.3355582123.00000208D32C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000011.00000002.3354398647.000001D11DF2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3355582123.00000208D3230000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000000E.00000003.2327234573.000002B45075B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 0000000E.00000003.2327234573.000002B45075B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 0000000E.00000003.2327234573.000002B45075B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 0000000E.00000003.2327234573.000002B45075B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 0000000E.00000003.2327234573.000002B45075B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000012.00000002.3355582123.00000208D32C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000000E.00000003.2300844775.000002B44C88A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000000E.00000003.2327234573.000002B45075B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000012.00000002.3355582123.00000208D32C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000000E.00000003.2300844775.000002B44C88A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000000E.00000003.2300844775.000002B44C88A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000000E.00000003.2300844775.000002B44C88A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2154015259.000002B44CA35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 0000000E.00000003.2264978651.000002B44CA7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2154811481.000002B44CA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2154380582.000002B44CA85000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 0000000E.00000003.2264978651.000002B44CA7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2154811481.000002B44CA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2154380582.000002B44CA85000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 0000000E.00000003.2134652698.000002B444A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134958560.000002B442B38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135276847.000002B442B6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135108892.000002B442B53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134808923.000002B442B1D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000000E.00000003.2240623382.000002B4503C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2328268674.000002B4503CB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 0000000E.00000003.2300844775.000002B44C88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2324738536.000002B44C8A7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000000E.00000003.2181679689.000002B445E92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278673346.000002B446FAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2177052707.000002B44770F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000000E.00000003.2275219247.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275982106.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329209649.000002B4502A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 0000000E.00000003.2278933651.000002B446F35000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 0000000E.00000003.2275219247.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275982106.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329209649.000002B4502A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 0000000E.00000003.2275219247.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275982106.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329209649.000002B4502A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 0000000E.00000003.2275219247.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275982106.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329209649.000002B4502A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 0000000E.00000003.2275219247.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275982106.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329209649.000002B4502A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: prefs-1.js.14.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000000E.00000003.2326507630.000002B4508FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000012.00000002.3355582123.00000208D32F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000000E.00000003.2292680602.000002B44713F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297595056.000002B45035B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/811fa8d5-3e73-41fe-a41f-74de8
Source: firefox.exe, 0000000E.00000003.2326507630.000002B4508D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/c1fe8ed2-5b1d-4ee5-8170-77d5
Source: firefox.exe, 0000000E.00000003.2240065053.000002B450961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290311578.000002B450961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2283690331.000002B450961000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/90e78ad4-8dbb-4231
Source: firefox.exe, 0000000E.00000003.2240065053.000002B450961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290311578.000002B450961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2283690331.000002B450961000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/a760bad5-f129-430e
Source: firefox.exe, 0000000E.00000003.2300844775.000002B44C88A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000000E.00000003.2323574684.000002B44CEA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 0000000E.00000003.2323574684.000002B44CEA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 0000000E.00000003.2323574684.000002B44CEA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 0000000E.00000003.2323574684.000002B44CEA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000000E.00000003.2315549476.000002B4451C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2314940985.000002B4453F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000000E.00000003.2314940985.000002B4453D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 0000000E.00000003.2242759436.000002B448360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: firefox.exe, 0000000E.00000003.2242759436.000002B448360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000000E.00000003.2181679689.000002B445E92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302314739.000002B4471B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306359878.000002B4471A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2337883164.000002B4471B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292680602.000002B4471B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2267131100.000002B441D6E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000000E.00000003.2246269756.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269756730.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2267131100.000002B441D6E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287253606.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143800189.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2182005715.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 0000000E.00000003.2246269756.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269756730.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2267131100.000002B441D6E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287253606.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143800189.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2182005715.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000012.00000002.3355582123.00000208D328E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2316801081.000002B44438F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198528045.000002B44217A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2267131100.000002B441D6E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000000E.00000003.2246269756.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269756730.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2267131100.000002B441D6E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287253606.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143800189.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2182005715.000002B441EDE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000000E.00000003.2316801081.000002B44438F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 0000000E.00000003.2317049010.000002B44244C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2324623500.000002B44C8E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2324738536.000002B44C8A7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000E.00000003.2303227491.000002B446B6D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000E.00000003.2278788844.000002B446F73000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000E.00000003.2303227491.000002B446B6D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000E.00000003.2303227491.000002B446B6D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000E.00000003.2316801081.000002B44438F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000000E.00000003.2134808923.000002B442B1D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000E.00000003.2350862863.000002B446A09000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000E.00000003.2275219247.000002B450295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275982106.000002B450295000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000E.00000003.2278673346.000002B446FCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306535721.000002B446FCC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2306497736.000002B447125000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.2278788844.000002B446F73000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000000E.00000003.2278788844.000002B446F73000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.2278788844.000002B446F73000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000000E.00000003.2324566328.000002B44CD25000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 0000000E.00000003.2303592186.000002B4468E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323136150.000002B44EE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DF12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3355582123.00000208D3213000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000E.00000003.2303592186.000002B4468E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000012.00000002.3355582123.00000208D32F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000000E.00000003.2171751527.000002B446BD7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000000E.00000003.2310284139.000002B4460C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310284139.000002B4460A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171751527.000002B446BD7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000000E.00000003.2314940985.000002B4453CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316801081.000002B44438F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000000E.00000003.2240623382.000002B450386000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2328671490.000002B45038F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2337597176.000002B4473A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292680602.000002B44713F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 0000000E.00000003.2279016666.000002B446F2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2293040349.000002B446F2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 0000000E.00000003.2283637687.000002B4509F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2315391068.000002B4451E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290027576.000002B4509F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240065053.000002B450961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239327068.000002B4509F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290311578.000002B450961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2308595757.000002B4463FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2283690331.000002B450961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 0000000E.00000003.2283971550.000002B450351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000000E.00000003.2246857650.000002B4482E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 0000000E.00000003.2334621076.000002B4474DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277396057.000002B4474C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157525785.000002B4474C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 0000000E.00000003.2283971550.000002B450351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000000E.00000003.2316556802.000002B4443EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 0000000E.00000003.2283481143.000002B45148D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000000E.00000003.2303624191.000002B4468DF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000000E.00000003.2300844775.000002B44C88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2324738536.000002B44C8A7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241613776.000002B44C9CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306024868.000002B44C9CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171339305.000002B44C9CB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://weibo.com/
Source: firefox.exe, 0000000E.00000003.2154811481.000002B44CA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264978651.000002B44CA30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2154015259.000002B44CA35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160646877.000002B44CA2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 0000000E.00000003.2242042947.000002B44C91F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000010.00000002.3356801021.0000019AD12C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DFE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3359612979.00000208D3506000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 0000000E.00000003.2290682768.000002B44CE35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135276847.000002B442B6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2303227491.000002B446B6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135108892.000002B442B53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257606640.000002B446D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134808923.000002B442B1D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000000E.00000003.2307697408.000002B44649B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000010.00000002.3356801021.0000019AD12C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DFE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3359612979.00000208D3506000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: firefox.exe, 0000000E.00000003.2307697408.000002B44649B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 0000000E.00000003.2195218740.000002B44219D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2196507595.000002B44219F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195084070.000002B442179000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 0000000E.00000003.2307697408.000002B44649B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 0000000E.00000003.2290682768.000002B44CE14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: firefox.exe, 0000000E.00000003.2241702294.000002B44C995000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171339305.000002B44C995000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 0000000E.00000003.2155485208.000002B44CC3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2154594314.000002B44CAF9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000000E.00000003.2134652698.000002B444A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134958560.000002B442B38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135997717.000002B442B8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135276847.000002B442B6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135108892.000002B442B53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134808923.000002B442B1D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 0000000E.00000003.2134652698.000002B444A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134958560.000002B442B38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135997717.000002B442B8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135276847.000002B442B6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2303227491.000002B446B6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2135108892.000002B442B53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257606640.000002B446D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134808923.000002B442B1D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000E.00000003.2283690331.000002B450970000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 0000000E.00000003.2303227491.000002B446B6D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 0000000E.00000003.2314940985.000002B4453CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330090999.000002B44CE42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290682768.000002B44CE2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330645313.000002B44CE2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290682768.000002B44CE42000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000E.00000003.2283971550.000002B450351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: firefox.exe, 0000000E.00000003.2161460880.000002B446706000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159515345.000002B446709000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2161441513.000002B446717000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 0000000E.00000003.2290470632.000002B45020B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 0000000E.00000003.2283971550.000002B450351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: firefox.exe, 0000000E.00000003.2279016666.000002B446F2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2293040349.000002B446F2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000E.00000003.2240828730.000002B45037A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290470632.000002B45023F000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.14.dr String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 0000000E.00000003.2283971550.000002B450351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 0000000E.00000003.2279016666.000002B446F2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2293040349.000002B446F2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 0000000E.00000003.2283971550.000002B450351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000E.00000003.2329448993.000002B45023F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290470632.000002B45023F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000000E.00000003.2283971550.000002B450351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: firefox.exe, 00000010.00000002.3356801021.0000019AD12C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3354398647.000001D11DFC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3355582123.00000208D32F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000E.00000003.2327234573.000002B45075B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000010.00000002.3358969106.0000019AD1300000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3358492142.000001D11E5A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3358862215.00000208D3340000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000E.00000003.2300304392.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241075945.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305963969.000002B44CBAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 0000000E.00000003.2283971550.000002B450351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 0000000E.00000003.2242759436.000002B448360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241613776.000002B44C9CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306024868.000002B44C9CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171339305.000002B44C9CB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000000E.00000003.2157360220.000002B44CBA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000000E.00000003.2303624191.000002B4468DF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.sling.com/
Source: firefox.exe, 0000000E.00000003.2240623382.000002B4503F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2328268674.000002B4503F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 0000000E.00000003.2304761448.000002B44649E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000012.00000002.3355582123.00000208D320C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000000E.00000003.2241613776.000002B44C9CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306024868.000002B44C9CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171339305.000002B44C9CB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 0000000E.00000003.2283690331.000002B450970000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com
Source: firefox.exe, 0000000E.00000003.2323136150.000002B44EE5E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/
Source: recovery.jsonlz4.tmp.14.dr String found in binary or memory: https://youtube.com/account?=
Source: firefox.exe, 00000012.00000002.3358997113.00000208D33D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.co
Source: firefox.exe, 0000000E.00000003.2283690331.000002B450970000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323136150.000002B44EE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2223020916.000002B45124D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3355049783.0000019AD105A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3356238424.0000019AD10F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3355049783.0000019AD1050000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3353387161.000001D11DD6A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3357574180.000001D11E004000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3354754834.00000208D2FF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3358997113.00000208D33D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3354754834.00000208D2FFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000C.00000002.2122482380.000001D398A37000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2128474491.000002959A45F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: file.exe, 00000000.00000002.2154416667.0000000001200000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd041.111
Source: firefox.exe, 00000011.00000002.3353387161.000001D11DD6A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdF
Source: firefox.exe, 00000010.00000002.3356238424.0000019AD10F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3355049783.0000019AD1050000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3357574180.000001D11E004000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3353387161.000001D11DD60000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3354754834.00000208D2FF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3358997113.00000208D33D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
Source: firefox.exe, 00000011.00000002.3353387161.000001D11DD60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdR
Source: firefox.exe, 00000010.00000002.3355049783.0000019AD105A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdoD
Source: firefox.exe, 0000000E.00000003.2295976631.000002B451434000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdp
Source: firefox.exe, 00000010.00000002.3356238424.0000019AD10F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.cov
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49791 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.5:49794 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49803 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49802 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49868 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49869 version: TLS 1.2
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_0080EAFF
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_0080ED6A
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_0080EAFF
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, 0_2_007FAA57
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00829576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_00829576

System Summary
barindex
Binary is likely a compiled AutoIt script file
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.2153417783.0000000000852000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_21083275-4
Source: file.exe, 00000000.00000002.2153417783.0000000000852000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_45121fbc-b
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_777069f0-7
Source: file.exe String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_f1439433-2
Contains functionality to call native functions
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001D11E618E37 NtQuerySystemInformation, 17_2_000001D11E618E37
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001D11E6396F2 NtQuerySystemInformation, 17_2_000001D11E6396F2
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FD5EB: CreateFileW,DeviceIoControl,CloseHandle, 0_2_007FD5EB
Contains functionality to launch a process as a different user
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_007F1201
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 0_2_007FE8F6
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00798060 0_2_00798060
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00802046 0_2_00802046
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F8298 0_2_007F8298
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007CE4FF 0_2_007CE4FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007C676B 0_2_007C676B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00824873 0_2_00824873
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0079CAF0 0_2_0079CAF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007BCAA0 0_2_007BCAA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007ACC39 0_2_007ACC39
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007C6DD9 0_2_007C6DD9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007AB119 0_2_007AB119
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007991C0 0_2_007991C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B1394 0_2_007B1394
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B1706 0_2_007B1706
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B781B 0_2_007B781B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007A997D 0_2_007A997D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00797920 0_2_00797920
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B19B0 0_2_007B19B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B7A4A 0_2_007B7A4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B1C77 0_2_007B1C77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B7CA7 0_2_007B7CA7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007C9EEE 0_2_007C9EEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0081BE44 0_2_0081BE44
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B1F32 0_2_007B1F32
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001D11E618E37 17_2_000001D11E618E37
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001D11E6396F2 17_2_000001D11E6396F2
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001D11E639732 17_2_000001D11E639732
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001D11E639E1C 17_2_000001D11E639E1C
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 007B0A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 007AF9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00799CB3 appears 31 times
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal72.troj.evad.winEXE@34/34@66/12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008037B5 GetLastError,FormatMessageW, 0_2_008037B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F10BF AdjustTokenPrivileges,CloseHandle, 0_2_007F10BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 0_2_007F16C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008051CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 0_2_008051CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 0_2_007FD4DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, 0_2_0080648E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007942A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 0_2_007942A2
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246 Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6568:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5296:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3840:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1164:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2820:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox Jump to behavior
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: firefox.exe, 0000000E.00000003.2317049010.000002B44244C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000000E.00000003.2240623382.000002B4503C7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
Source: file.exe ReversingLabs: Detection: 28%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2188 -parentBuildID 20230927232528 -prefsHandle 2132 -prefMapHandle 2124 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {647ccd71-570b-4ec6-9efb-49c2bc0fae2b} 2752 "\\.\pipe\gecko-crash-server-pipe.2752" 2b434a6dd10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4492 -parentBuildID 20230927232528 -prefsHandle 4484 -prefMapHandle 4480 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69ecc336-1658-46c0-bf13-e6d8ee36fde7} 2752 "\\.\pipe\gecko-crash-server-pipe.2752" 2b44571ce10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5060 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5052 -prefMapHandle 5048 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b99be95-6a32-4891-a374-7f066e98cf3f} 2752 "\\.\pipe\gecko-crash-server-pipe.2752" 2b446b75b10 utility
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2188 -parentBuildID 20230927232528 -prefsHandle 2132 -prefMapHandle 2124 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {647ccd71-570b-4ec6-9efb-49c2bc0fae2b} 2752 "\\.\pipe\gecko-crash-server-pipe.2752" 2b434a6dd10 socket Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4492 -parentBuildID 20230927232528 -prefsHandle 4484 -prefMapHandle 4480 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69ecc336-1658-46c0-bf13-e6d8ee36fde7} 2752 "\\.\pipe\gecko-crash-server-pipe.2752" 2b44571ce10 rdd Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5060 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5052 -prefMapHandle 5048 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b99be95-6a32-4891-a374-7f066e98cf3f} 2752 "\\.\pipe\gecko-crash-server-pipe.2752" 2b446b75b10 utility Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2194715379.000002B450BC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2231503323.000002B4421C7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2231503323.000002B4421C7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2231116039.000002B4421BD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2230031110.000002B4421BD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2194715379.000002B450BC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2231116039.000002B4421BD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2230031110.000002B4421BD000.00000004.00000020.00020000.00000000.sdmp
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_007942DE
PE file contains sections with non-standard names
Source: gmpopenh264.dll.tmp.14.dr Static PE information: section name: .rodata
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B0A76 push ecx; ret 0_2_007B0A89
Drops PE files
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) Jump to dropped file
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007AF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_007AF98E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00821C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_00821C41
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Found API chain indicative of sandbox detection
Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001D11E618E37 rdtsc 17_2_000001D11E618E37
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\file.exe API coverage: 3.6 %
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_007FDBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007CC2A2 FindFirstFileExW, 0_2_007CC2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008068EE FindFirstFileW,FindClose, 0_2_008068EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_0080698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_007FD076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_007FD3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00809642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00809642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_0080979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00809B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00809B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00805C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00805C97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_007942DE
Source: firefox.exe, 00000010.00000002.3360439848.0000019AD1500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
Source: firefox.exe, 00000012.00000002.3354754834.00000208D2FFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW>>
Source: firefox.exe, 00000010.00000002.3355049783.0000019AD105A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWBb1
Source: firefox.exe, 00000010.00000002.3360439848.0000019AD1500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
Source: firefox.exe, 00000010.00000002.3355049783.0000019AD105A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3353387161.000001D11DD6A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3358278661.000001D11E4A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3359355097.00000208D33E0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000010.00000002.3359204816.0000019AD141D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000010.00000002.3360439848.0000019AD1500000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3358278661.000001D11E4A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001D11E618E37 rdtsc 17_2_000001D11E618E37
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080EAA2 BlockInput, 0_2_0080EAA2
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_007C2622
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_007942DE
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B4CE8 mov eax, dword ptr fs:[00000030h] 0_2_007B4CE8
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_007F0B62
Enables debug privileges
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_007C2622
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_007B083F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B09D5 SetUnhandledExceptionFilter, 0_2_007B09D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_007B0C21
Contains functionality to execute programs as a different user
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_007F1201
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007D2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_007D2BA5
Contains functionality to simulate keystroke presses
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007FB226 SendInput,keybd_event, 0_2_007FB226
Contains functionality to simulate mouse events
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008122DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, 0_2_008122DA
Uses taskkill to terminate processes
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_007F0B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_007F1663
Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe Binary or memory string: Shell_TrayWnd
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B0698 cpuid 0_2_007B0698
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00808195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW, 0_2_00808195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007ED27A GetUserNameW, 0_2_007ED27A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007CB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free, 0_2_007CB952
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_007942DE

Stealing of Sensitive Information
barindex
Yara detected Credential Flusher
Source: Yara match File source: Process Memory Space: file.exe PID: 4764, type: MEMORYSTR
OS version to string mapping found (often used in BOTs)
Source: file.exe Binary or memory string: WIN_81
Source: file.exe Binary or memory string: WIN_XP
Source: file.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe Binary or memory string: WIN_XPe
Source: file.exe Binary or memory string: WIN_VISTA
Source: file.exe Binary or memory string: WIN_7
Source: file.exe Binary or memory string: WIN_8

Remote Access Functionality
barindex
Yara detected Credential Flusher
Source: Yara match File source: Process Memory Space: file.exe PID: 4764, type: MEMORYSTR
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00811204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_00811204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00811806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_00811806
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1562274 Sample: file.exe Startdate: 25/11/2024 Architecture: WINDOWS Score: 72 45 youtube.com 2->45 47 youtube-ui.l.google.com 2->47 49 34 other IPs or domains 2->49 57 Multi AV Scanner detection for submitted file 2->57 59 Yara detected Credential Flusher 2->59 61 Binary is likely a compiled AutoIt script file 2->61 63 2 other signatures 2->63 8 file.exe 2->8         started        11 firefox.exe 1 2->11         started        signatures3 process4 signatures5 65 Binary is likely a compiled AutoIt script file 8->65 67 Found API chain indicative of sandbox detection 8->67 13 taskkill.exe 1 8->13         started        15 taskkill.exe 1 8->15         started        17 taskkill.exe 1 8->17         started        23 3 other processes 8->23 19 firefox.exe 3 233 11->19         started        process6 dnsIp7 25 conhost.exe 13->25         started        27 conhost.exe 15->27         started        29 conhost.exe 17->29         started        51 youtube.com 142.250.181.142, 443, 49711, 49712 GOOGLEUS United States 19->51 53 prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49713, 49719, 49723 GOOGLEUS United States 19->53 55 10 other IPs or domains 19->55 41 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 19->41 dropped 43 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 19->43 dropped 31 firefox.exe 1 19->31         started        33 firefox.exe 1 19->33         started        35 firefox.exe 1 19->35         started        37 conhost.exe 23->37         started        39 conhost.exe 23->39         started        file8 process9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.181.142
 youtube.com United States
15169 GOOGLEUS false
34.149.100.209
 prod.remote-settings.prod.webservices.mozgcp.net United States
2686 ATGS-MMD-ASUS false
34.107.243.93
 push.services.mozilla.com United States
15169 GOOGLEUS false
151.101.65.91
 services.addons.mozilla.org United States
54113 FASTLYUS false
34.107.221.82
 prod.detectportal.prod.cloudops.mozgcp.net United States
15169 GOOGLEUS false
35.244.181.201
 prod.balrog.prod.cloudops.mozgcp.net United States
15169 GOOGLEUS false
34.117.188.166
 contile.services.mozilla.com United States
139070 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG false
35.201.103.21
 normandy-cdn.services.mozilla.com United States
15169 GOOGLEUS false
35.190.72.216
 prod.classify-client.prod.webservices.mozgcp.net United States
15169 GOOGLEUS false
34.160.144.191
 prod.content-signature-chains.prod.webservices.mozgcp.net United States
2686 ATGS-MMD-ASUS false
34.120.208.123
 telemetry-incoming.r53-2.services.mozilla.com United States
15169 GOOGLEUS false

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
example.org 93.184.215.14 true
star-mini.c10r.facebook.com 157.240.196.35 true
prod.classify-client.prod.webservices.mozgcp.net 35.190.72.216 true
prod.balrog.prod.cloudops.mozgcp.net 35.244.181.201 true
twitter.com 104.244.42.193 true
prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82 true
services.addons.mozilla.org 151.101.65.91 true
dyna.wikimedia.org 185.15.58.224 true
prod.remote-settings.prod.webservices.mozgcp.net 34.149.100.209 true
contile.services.mozilla.com 34.117.188.166 true
youtube.com 142.250.181.142 true
prod.content-signature-chains.prod.webservices.mozgcp.net 34.160.144.191 true
youtube-ui.l.google.com 172.217.19.238 true
us-west1.prod.sumo.prod.webservices.mozgcp.net 34.149.128.2 true
reddit.map.fastly.net 151.101.1.140 true
ipv4only.arpa 192.0.0.170 true
prod.ads.prod.webservices.mozgcp.net 34.117.188.166 true
push.services.mozilla.com 34.107.243.93 true
normandy-cdn.services.mozilla.com 35.201.103.21 true
telemetry-incoming.r53-2.services.mozilla.com 34.120.208.123 true
www.reddit.com unknown unknown
spocs.getpocket.com unknown unknown
content-signature-2.cdn.mozilla.net unknown unknown
support.mozilla.org unknown unknown
firefox.settings.services.mozilla.com unknown unknown
www.youtube.com unknown unknown
www.facebook.com unknown unknown
detectportal.firefox.com unknown unknown
normandy.cdn.mozilla.net unknown unknown
shavar.services.mozilla.com unknown unknown
www.wikipedia.org unknown unknown