Analysis Report wlndows.exe

Overview

General Information

Joe Sandbox Version: 25.0.0 Tiger's Eye
Analysis ID: 113930
Start date: 01.03.2019
Start time: 19:37:57
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 16s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: wlndows.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal80.rans.phis.spyw.winEXE@7/1991@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 99.1% (good quality ratio 88.6%)
  • Quality average: 79.6%
  • Quality standard deviation: 31.7%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 21
  • Number of non-executed functions: 13
Cookbook Comments:
  • Adjust boot time
  • Found application associated with file extension: .exe
Warnings:
  • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe, CompatTelRunner.exe
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadFile calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • Report size getting too big, too many NtWriteFile calls found.

Detection

| Strategy | Score | Range | Reporting | Whitelisted | Detection |
| --- | --- | --- | --- | --- | --- |
| Threshold | 80 | 0 - 100 | Report FP / FN | false | malicious |

Confidence

| Strategy | Score | Range | Further Analysis Required? |
| --- | --- | --- | --- |
| Threshold | 5 | 0 - 5 | false |


Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior



Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | Windows Remote Management | Startup Items 1 | Startup Items 1 | Masquerading 1 | Input Capture 1 | Security Software Discovery 11 | Application Deployment Software | Input Capture 1 | Data Compressed | Standard Cryptographic Protocol 2 |
| Replication Through Removable Media | Service Execution | Registry Run Keys / Startup Folder 1 | Process Injection 1 | Process Injection 1 | Network Sniffing | File and Directory Discovery 1 | Remote Services | Man in the Browser 1 | Exfiltration Over Other Network Medium | Fallback Channels |
| Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Obfuscated Files or Information 1 | Input Capture | System Information Discovery 1 | Windows Remote Management | Data from Local System 1 | Automated Exfiltration | Custom Cryptographic Protocol |

Signature Overview

AV Detection:

Antivirus detection for submitted file
Source: wlndows.exe, Avira: Label: HEUR/AGEN.1011584
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\wlndows.exe, virustotal: Detection: 66%
Multi AV Scanner detection for submitted file
Source: wlndows.exe, virustotal: Detection: 66%

Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\wlndows.exe, Code function: 0_2_00406BCE CryptAcquireContextW, CryptGenRandom, CryptReleaseContext, CryptReleaseContext
Source: C:\Users\user\Desktop\wlndows.exe, Code function: 0_1_00406BCE CryptAcquireContextW, CryptGenRandom, CryptReleaseContext, CryptReleaseContext

Spreading:

Enumerates the file system
Source: C:\Users\user\Desktop\wlndows.exe, File opened: C:\Users\user\Videos\desktop.ini
Source: C:\Users\user\Desktop\wlndows.exe, File opened: C:\Users\user\Start Menu\Programs\Windows PowerShell\desktop.ini
Source: C:\Users\user\Desktop\wlndows.exe, File opened: C:\Users\user\Start Menu\Programs\OneDrive.lnk
Source: C:\Users\user\Desktop\wlndows.exe, File opened: C:\Users\user\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\wlndows.exe, File opened: C:\Users\user\Start Menu\Programs\desktop.ini
Source: C:\Users\user\Desktop\wlndows.exe, File opened: C:\Users\user\Start Menu\Programs\Recycle Bin.lnk
Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\Desktop\wlndows.exe, Code function: 0_2_004096D7 _chkstk, lstrcatW, lstrcmpiW, lstrlenW, lstrcatW, FindFirstFileW, lstrcmpiW, lstrcmpiW, lstrcatW, lstrcatW, lstrcmpiW, lstrcmpiW, PathFindFileNameW, lstrcmpiW, SetFileAttributesW, lstrcpyW, lstrcatW, MoveFileExW, FindNextFileW, FindClose
Source: C:\Users\user\Desktop\wlndows.exe, Code function: 0_1_004096D7 _chkstk, lstrcatW, lstrcmpiW, lstrlenW, lstrcatW, FindFirstFileW, lstrcmpiW, lstrcmpiW, lstrcatW, lstrcatW, lstrcmpiW, lstrcmpiW, PathFindFileNameW, lstrcmpiW, SetFileAttributesW, lstrcpyW, lstrcatW, MoveFileExW, FindNextFileW, FindClose

Networking:

Social media urls found in memory data
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmp, String found in binary or memory: https://www.instagram.com/mozilla/
Downloads files
Source: C:\Users\user\Desktop\wlndows.exe, File created: C:\Users\user\Local Settings\Temporary Internet Files\Low\how_to_back_files.html
Found strings which match to known social media urls
Source: 66F684AF9CC570C6247262B47C769C601C2A338B.4.drString found in binary or memory: content-security-policy: script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org ad.doubleclick.net; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' fast.fonts.net; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/; child-src www.googletagmanager.com www.google-analytics.com www.youtube-
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: hotmail.* equals www.hotmail.com (Hotmail)
Source: wlndows.exe, 00000000.00000003.4954570081.00000000007C5000.00000004.sdmpString found in binary or memory: ocol/img/logos/firefox/nightly.392751dc0d65.png1,1,1542914118,4096predictor::https://www.mozilla.org/media/js/BUNDLES/common-protocol.ba8cf8099488.js1,1,1542914118,4096predictor::https://www.mozilla.org/media/js/BUNDLES/navigation-protocol.96c0ffb6027d.js1,1,1542914118,4096predictor::https://www.mozilla.org/media/js/BUNDLES/stub-attribution.157168bbb235.js1,1,1542914118,4096predictor::https://www.mozilla.org/media/js/BUNDLES/privacy_firefox.2f8743d754a6.js1,1,1542914118,4096predictor::https://mozilla.org/set_hsts.gif1,1,1542914118,4096predictor::https://www.googletagmanager.com/gtm.js?id=GTM-MW3R8V&l=dataLayer1,1,1542914118,4096predictor::https://www.mozilla.org/media/protocol/img/logos/mozilla/black.40d1af88c248.svg1,1,1542914118,4096predictor::https://www.mozilla.org/media/img/logos/firefox/logo-quantum.9c5e96634f92.png1,1,1542914118,4096predictor::https://www.mozilla.org/media/protocol/img/logos/mozilla/white.612a25fa976b.svg1,1,1542914118,4096predictor::https://www.mozilla.org/media/protocol/img/icons/soci
Source: wlndows.exe, 00000000.00000003.4954570081.00000000007C5000.00000004.sdmpString found in binary or memory: ocol/img/logos/firefox/nightly.392751dc0d65.png1,1,1542914118,4096predictor::https://www.mozilla.org/media/js/BUNDLES/common-protocol.ba8cf8099488.js1,1,1542914118,4096predictor::https://www.mozilla.org/media/js/BUNDLES/navigation-protocol.96c0ffb6027d.js1,1,1542914118,4096predictor::https://www.mozilla.org/media/js/BUNDLES/stub-attribution.157168bbb235.js1,1,1542914118,4096predictor::https://www.mozilla.org/media/js/BUNDLES/privacy_firefox.2f8743d754a6.js1,1,1542914118,4096predictor::https://mozilla.org/set_hsts.gif1,1,1542914118,4096predictor::https://www.googletagmanager.com/gtm.js?id=GTM-MW3R8V&l=dataLayer1,1,1542914118,4096predictor::https://www.mozilla.org/media/protocol/img/logos/mozilla/black.40d1af88c248.svg1,1,1542914118,4096predictor::https://www.mozilla.org/media/img/logos/firefox/logo-quantum.9c5e96634f92.png1,1,1542914118,4096predictor::https://www.mozilla.org/media/protocol/img/logos/mozilla/white.612a25fa976b.svg1,1,1542914118,4096predictor::https://www.mozilla.org/media/protocol/img/icons/soci
Source: 66F684AF9CC570C6247262B47C769C601C2A338B.4.drString found in binary or memory: om; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org ad.doubleclick.net; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' fast.fonts.net; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/; child-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com equals www.youtube.com (Youtube)
Source: wlndows.exe, 00000000.00000003.4954570081.00000000007C5000.00000004.sdmpString found in binary or memory: predictor::https://www.mozilla.org/media/protocol/img/icons/social/twitter/white.799723d2198f.svg equals www.twitter.com (Twitter)
Source: wlndows.exe, 00000000.00000003.4954570081.00000000007C5000.00000004.sdmpString found in binary or memory: predictor::https://www.mozilla.org/media/protocol/img/icons/social/youtube/white.a345a1222d66.svg equals www.youtube.com (Youtube)
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: ter erneut.",viewInboxErrorMessage:"Wenn beim Anzeigen Ihres Posteingangs weiterhin ein Problem auftritt, besuchen Sie",taskLinks:"Verfassen|https://mail.live.com/default.aspx?rru=compose;Kalender|https://calendar.live.com/calendar/calendar.aspx",piiText:"Read Outlook Email",piiUrl:"http://www.hotmail.msn.com/pii/ReadOutlookEmail/"}],office:[{header:"Office",content:"Zeigen Sie Ihre zuletzt verwendeten Dokumente an oder erstellen Sie kostenlos mit Office Online ein neues.",footerText:"Anmelden",footerUrl:"[[signin]]",ssoAutoRefresh:!0,taskLinks:"Word Online|https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel Online|https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway|https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoint Online|https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site"},{header:"Aktuelle Dokumente",headerUrl:"https://onedrive.live.com/#qt=mru",content:"Wird geladen ...",noContent:"Dieser Ordner ist leer. Klicken Sie un
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.co.id[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.CO.ID.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.co.in[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.CO.IN.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.co.kr[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.CO.KR.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.co.nz[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.CO.NZ.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.co.th[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.CO.TH.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.co.uk[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.CO.UK.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.com.mx[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.COM.MX.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.com.my[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.COM.MY.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.com.ph[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.COM.PH.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.com.sg[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.COM.SG.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.com.tw[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.COM.TW.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000004.00000003.5437535995.00000000005E0000.00000004.sdmpString found in binary or memory: yahoo.com.vn[{AppVPackageRoot}]\Office16\OutlookAutoDiscover\YAHOO.COM.VN.XML equals www.yahoo.com (Yahoo)
Source: wlndows.exe, 00000000.00000003.4688781372.00000000007AD000.00000004.sdmpString found in binary or memory: {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\DVDVideoSoft\Free YouTube to MP3 Converter Classic\FreeYouTubeToMP3ConverterClassic.exe11366 equals www.youtube.com (Youtube)
Source: wlndows.exe, 00000000.00000003.4688781372.00000000007AD000.00000004.sdmpString found in binary or memory: {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Freemake\Freemake YouTube To MP3 Boom\FreemakeYB.exe11644 equals www.youtube.com (Youtube)
URLs found in memory or binary data
Source: lpklegal.txt.4.drString found in binary or memory: https://dev.office.com/fabric#/styles/typography;
Source: wlndows.exe, 00000000.00000003.4954692845.00000000007B1000.00000004.sdmpString found in binary or memory: https://developer.mozilla.org/?utm_source=www.mozilla.org&amp;utm_medium=referral&amp;utm_campaign=n
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://donate.mozilla.org/en-US/?presets=50
Source: wlndows.exe, 00000000.00000003.4954894967.00000000007AA000.00000004.sdmpString found in binary or memory: https://download.mozilla.org/?product=firefo
Source: wlndows.exe, 00000000.00000003.4954894967.00000000007AA000.00000004.sdmpString found in binary or memory: https://download.mozilla.org/?product=firefox-latest-ssl&amp;os
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/mobile/android/fennec/adjust.html
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/mobile/android/fennec/mma.html
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/data/environment.html
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/toolkit/crashreporter/crashreporter/index.html
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://foundation.mozilla.org
Source: wlndows.exe, 00000000.00000003.4954692845.00000000007B1000.00000004.sdmpString found in binary or memory: https://games.mozilla.org/?utm_source=www.mozilla.org&amp;utm_medium=referral&amp;utm_campaign=nav&a
Source: lpklegal.txt.4.drString found in binary or memory: https://github.com/MSOpenTech/redis/blob/2.6/license.txt
Source: lpklegal.txt.4.drString found in binary or memory: https://github.com/antirez/redis-doc/blob/master/COPYRIGHT
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://github.com/mozilla-mobile/firefox-ios/blob/master/
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://github.com/mozilla/bedrock/tree/master/bedrock/privacy/templates/privacy/notices/firefox-qua
Source: lpklegal.txt.4.drString found in binary or memory: https://github.com/requirejs/requirejs.
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://gutscheine.heise.de/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://gzhls.at/i/44/56/1804456-s0.jpg
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://gzhls.at/i/44/62/1804462-s0.jpg
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://gzhls.at/i/52/81/1685281-s0.jpg
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise-gruppe.de/-1812545
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1024/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/mac-and-i/i
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1232/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1236/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1266/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/127/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/3/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1279/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/130/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/3/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1386/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1395/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1400/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1400/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/tr/imgs/08/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1414/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/3
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1440/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1491/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1500/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1500/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4477812748.00000000007A5000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1537/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1537/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2//
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1600/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1600/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/mac-and-i/i
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1600/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/162/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/3/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1780/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1820/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1842/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1860/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1920/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/4
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1920/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1974/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/1999/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2048/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/mac-and-i/i
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2048/q50.png-lossy-50.webp-lossy-50.foil1/_w
Source: wlndows.exe, 00000000.00000003.4477812748.00000000007A5000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2048/q50.png-lossy-50.webp-lossy-50.foil1/_w-
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2048/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/ix/imgs/05/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2310/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/240/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/4/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2430/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2464/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2472/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2532/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/254/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/3/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2550/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/2
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2558/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/260/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/3/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2772/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2790/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/2982/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/300/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/2/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/3000/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/3000/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/3200/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/324/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/3/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/3453/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/3840/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/4
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/3840/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/3998/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/4096/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/ix/imgs/05/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/4620/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/480/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/4/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/4920/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/4928/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/600/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/2/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/6906/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/700/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/700/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/tr/imgs/08/2
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/707/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/3/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/720/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/09/2/5/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/800/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/800/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/mac-and-i/im
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/890/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/910/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/921/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/930/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/9840/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/09/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/9856/q30.png-lossy-30.webp-lossy-30.foil1/_www-heise-de_/imgs/18/2/5
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://heise.cloudimg.io/width/987/q50.png-lossy-50.webp-lossy-50.foil1/_www-heise-de_/imgs/18/2/5/
Source: wlndows.exe, 00000000.00000003.4954692845.00000000007B1000.00000004.sdmpString found in binary or memory: https://help.getpocket.com/article/1142-firefox-new-tab-recommendations
Source: wlndows.exe, 00000000.00000003.4954692845.00000000007B1000.00000004.sdmpString found in binary or memory: https://iot.mozilla.org/?utm_source=www.mozilla.org&amp;utm_medium=referral&amp;utm_campaign=nav&amp
Source: lpklegal.txt.4.drString found in binary or memory: https://jquery.org/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://karriere-netzwerk.heise.de/
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://mail.live.com/default.aspx
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://mail.live.com/default.aspx?rru=compose;Kalender
Source: wlndows.exe, 00000000.00000003.4954692845.00000000007B1000.00000004.sdmpString found in binary or memory: https://mixedreality.mozilla.org/?utm_source=www.mozilla.org&amp;utm_medium=referral&amp;utm_campaig
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmp, wlndows.exe, 00000000.00000003.4954570081.00000000007C5000.00000004.sdmpString found in binary or memory: https://mozilla.org/set_hsts.gif
Source: wlndows.exe, 00000000.00000003.4954570081.00000000007C5000.00000004.sdmpString found in binary or memory: https://mozilla.org/set_hsts.gif1
Source: wlndows.exe, 00000000.00000003.4954692845.00000000007B1000.00000004.sdmpString found in binary or memory: https://mozilladevelopers.github.io/playground/?utm_source=www.mozilla.org&amp;utm_medium=referral&a
Source: wlndows.exe, 00000002.00000003.4732783896.0000000000744000.00000004.sdmpString found in binary or memory: https://mths.be/fromcodepoint
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://onedrive.live.com/#qt=mru
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://onedrive.live.com/?qt=allmyphotos;Aktuelle
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://onedrive.live.com/?qt=mru;Aktuelle
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://onedrive.live.com/?qt=mru;OneDrive-App
Source: wlndows.exe, 00000000.00000003.4569437456.00000000029D0000.00000004.sdmpString found in binary or memory: https://onedrive.live.com/about/en-us/0
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://onedrive.live.com/about/en/download/
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://onedrive.live.com;Fotos
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://onedrive.live.com;OneDrive-App
Source: wlndows.exe, 00000000.00000003.4467764427.00000000007A4000.00000004.sdmpString found in binary or memory: https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
Source: wlndows.exe, 00000002.00000003.4445652515.000000000073D000.00000004.sdmpString found in binary or memory: https://pki.goog/repository/0
Source: wlndows.exe, 00000000.00000003.4954894967.00000000007AA000.00000004.sdmpString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beac
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmp, wlndows.exe, 00000002.00000003.4897983813.0000000000747000.00000004.sdmp, 66F684AF9CC570C6247262B47C769C601C2A338B.4.drString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: wlndows.exe, 00000000.00000003.4511292612.00000000007A7000.00000004.sdmpString found in binary or memory: https://s0.2mdn.net/ads/richmedia/studio/mu/templates/hifi/hifi.js
Source: wlndows.exe, 00000000.00000003.4509772611.00000000007A6000.00000004.sdmpString found in binary or memory: https://securepubads.g.doubleclick.net
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://shop.heise.de
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://shop.heise.de/abo
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://shop.heise.de/artikel-archiv/
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://shop.heise.de/ct_1coa1820
Source: lpklegal.txt.4.drString found in binary or memory: https://sourceforge.net/project/?group_id=1519
Source: wlndows.exe, 00000000.00000003.4526594006.00000000007A7000.00000004.sdmpString found in binary or memory: https://spiele.heise.de
Source: wlndows.exe, 00000002.00000003.4457154423.0000000002804000.00000004.sdmpString found in binary or memory: https://support.mozilla.org
Source: wlndows.exe, 00000002.00000003.4453763091.00000000026EC000.00000004.sdmpString found in binary or memory: https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire
Source: wlndows.exe, 00000002.00000003.4453763091.00000000026EC000.00000004.sdmpString found in binary or memory: https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://support.mozilla.org/kb/advanced-settings-browsing-network-updates-encryption#w_certificates-
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://support.mozilla.org/kb/desktop-privacy
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work
Source: wlndows.exe, 00000000.00000003.4954692845.00000000007B1000.00000004.sdmpString found in binary or memory: https://support.mozilla.org/kb/how-stop-firefox-automatically-making-connections#w_auto-update-check
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://support.mozilla.org/kb/secure-website-certificate
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://support.mozilla.org/kb/send-anonymous-usage-data-firefox-mobile-devices
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://support.mozilla.org/kb/use-popular-search-suggestions-firefox-search-bar
Source: wlndows.exe, 00000002.00000003.4457241891.000000000280C000.00000004.sdmpString found in binary or memory: https://support.mozilla.orgd
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://twitter.com/firefox
Source: wlndows.exe, 00000000.00000003.5099123132.00000000007B1000.00000004.sdmpString found in binary or memory: https://twitter.com/mozilla
Source: wlndows.exe, 00000000.00000003.4954692845.00000000007B1000.00000004.sdmpString found in binary or memory: https://voice.mozilla.org/?utm_source=www.mozilla.org&amp;utm_medium=referral&amp;utm_campaign=nav&a

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Creates a DirectInput object (often for capturing keystrokes)
Source: wlndows.exe, 00000000.00000002.5509762816.000000000077A000.00000004.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Spam, unwanted Advertisements and Ransom Demands:

Modifies existing user documents (likely ransomware behavior)
Source: C:\Users\user\AppData\Local\wlndows.exe File moved: C:\Users\user\Desktop\EIVQSAOTAQ.xlsx
Source: C:\Users\user\AppData\Local\wlndows.exe File deleted: C:\Users\user\Desktop\EIVQSAOTAQ.xlsx
Source: C:\Users\user\AppData\Local\wlndows.exe File moved: C:\Users\user\Desktop\GIGIYTFFYT.xlsx
Source: C:\Users\user\AppData\Local\wlndows.exe File deleted: C:\Users\user\Desktop\GIGIYTFFYT.xlsx
Source: C:\Users\user\AppData\Local\wlndows.exe File moved: C:\Users\user\Desktop\EIVQSAOTAQ\GIGIYTFFYT.xlsx
Moves / writes many txt or jpg files (may be a ransomware encrypting documents)
Source: C:\Users\user\AppData\Local\wlndows.exe File moved: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131959715485206888.txt
Source: C:\Users\user\AppData\Local\wlndows.exe File moved: C:\Users\user\AppData\Local\VirtualStore\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\Mso Example Setup File A.txt
Source: C:\Users\user\Desktop\wlndows.exe File moved: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131873872488427195.txt
Source: C:\Users\user\Desktop\wlndows.exe File moved: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131873874212773327.txt
Source: C:\Users\user\Desktop\wlndows.exe File moved: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{865037b7-3459-4612-b0b4-aa0e4f6c7ba4}\0.0.filtertrie.intermediate.txt
Source: C:\Users\user\Desktop\wlndows.exe File moved: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\12UGI5G9\BBPXmwh[1].jpg
Source: C:\Users\user\Desktop\wlndows.exe File moved: C:\Users\user\Documents\GIGIYTFFYT.jpg
Source: C:\Users\user\AppData\Local\wlndows.exe File moved: C:\Users\user\Desktop\QCOILOQIKC.jpg
Source: C:\Users\user\Desktop\wlndows.exe File moved: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\4HIGDOEE\2018kw29-die-besten-multiplayer-spiele-01-d9f3934b0456bfc9[1].jpg
Source: C:\Users\user\Desktop\wlndows.exe File moved: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\4HIGDOEE\RX-Serie_von_Sony-496abe097726d9eb[1].jpg

System Summary:

Contains functionality to call native functions
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_004023D5 NtQueryVirtualMemory,0_2_004023D5
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_004023D5 NtQueryVirtualMemory,0_1_004023D5
Creates mutexes
Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4560:120:WilError_01
Detected potential crypto function
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_00402C51 0_2_00402C51
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_00403213 0_2_00403213
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_004028B7 0_2_004028B7
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_00407F1D 0_2_00407F1D
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_004037AA 0_2_004037AA
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_004021B4 0_2_004021B4
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_00407DBA 0_2_00407DBA
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_00402C51 0_1_00402C51
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_00403213 0_1_00403213
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_004028B7 0_1_004028B7
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_00407F1D 0_1_00407F1D
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_004037AA 0_1_004037AA
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_004021B4 0_1_004021B4
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_00407DBA 0_1_00407DBA
Sample file is different than original file name gathered from version info
Source: wlndows.exe, 00000000.00000003.4569437456.00000000029D0000.00000004.sdmp Binary or memory string: OriginalFilenameOneDriveSetup.exeF vs wlndows.exe
Source: wlndows.exe, 00000000.00000003.5472785376.00000000007FB000.00000004.sdmp Binary or memory string: OriginalFilenamemaintenanceservice_installer.exe0 vs wlndows.exe
Source: wlndows.exe, 00000002.00000003.5172540814.00000000026E0000.00000004.sdmp Binary or memory string: OriginalFilenameawt.dllN vs wlndows.exe
Sample reads its own file content
Source: C:\Users\user\Desktop\wlndows.exe File read: C:\Users\user\Desktop\wlndows.exe
Tries to load missing DLLs
Source: C:\Users\user\Desktop\wlndows.exe Section loaded: wow64log.dll
Source: C:\Users\user\AppData\Local\wlndows.exe Section loaded: wow64log.dll
Source: C:\Users\user\AppData\Local\wlndows.exe Section loaded: wow64log.dll
PE file contains only one section
Source: wlndows.exe.0.dr Static PE information: Section .rdata
Source: wlndows.exe Static PE information: Section .rdata
Classification label
Source: classification engine Classification label: mal80.rans.phis.spyw.winEXE@7/1991@0/0
Creates files inside the program directory
Source: C:\Users\user\AppData\Local\wlndows.exe File created: C:\Program Files (x86)\how_to_back_files.html
Creates files inside the user directory
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\AppData\Local\wlndows.exe
Creates temporary files
Source: C:\Users\user\AppData\Local\wlndows.exe File created: C:\Users\user\AppData\Local\Temp\Low\how_to_back_files.html
Reads ini files
Source: C:\Users\user\Desktop\wlndows.exe File read: C:\Users\desktop.ini
Reads software policies
Source: C:\Users\user\Desktop\wlndows.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Sample is known by Antivirus
Source: wlndows.exe virustotal: Detection: 66%
Spawns processes
Source: unknown Process created: C:\Users\user\Desktop\wlndows.exe 'C:\Users\user\Desktop\wlndows.exe'
Source: unknown Process created: C:\Users\user\AppData\Local\wlndows.exe 'C:\Users\user\AppData\Local\wlndows.exe'
Source: unknown Process created: C:\Users\user\AppData\Local\wlndows.exe 'C:\Users\user\AppData\Local\wlndows.exe'
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_to_back_files.html
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3180 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3180 CREDAT:17410 /prefetch:2
Uses an in-process (OLE) Automation server
Source: C:\Windows\System32\OpenWith.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Writes ini files
Source: C:\Users\user\Desktop\wlndows.exe File written: C:\Users\desktop.ini
Found graphical window changes (likely an installer)
Source: Window Recorder Window detected: More than 3 window changes detected
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll
Binary contains paths to debug symbols
Source: Binary string: z:\build\build\src\obj-firefox\toolkit\components\maintenanceservice\maintenanceservice.pdb source: wlndows.exe, 00000000.00000003.5472785376.00000000007FB000.00000004.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u20\791\build\windows-i586\jdk\objs\libawt\awt.pdb source: wlndows.exe, 00000002.00000003.5172540814.00000000026E0000.00000004.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u20\791\build\windows-i586\jdk\objs\libawt\awt.pdb8n source: wlndows.exe, 00000002.00000003.5172540814.00000000026E0000.00000004.sdmp

Data Obfuscation:

Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .rdata
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_004021A3 push ecx; ret 0_2_004021B3
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_004016A6 push ebx; retf 0_1_004016A7
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_00401314 push 00000063h; ret 0_1_0040131A
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_004021A3 push ecx; ret 0_1_004021B3

Persistence and Installation Behavior:

Drops PE files
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\AppData\Local\wlndows.exe
Source: C:\Users\user\AppData\Local\wlndows.exe File created: C:\Program Files (x86)\Microsoft Office\root\Office16\OFFSYML.TTF
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Users\user\AppData\Local\wlndows.exe File created: C:\Program Files (x86)\Microsoft Office\root\Office16\OFFSYML.TTF

Boot Survival:

Stores files to the Windows start menu directory
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\Start Menu\how_to_back_files.html
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\Start Menu\Programs\how_to_back_files.html
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\Start Menu\Programs\Windows PowerShell\how_to_back_files.html
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\Start Menu\Programs\System Tools\how_to_back_files.html
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\Start Menu\Programs\Startup\how_to_back_files.html
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\Start Menu\Programs\Maintenance\how_to_back_files.html
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\Start Menu\Programs\Administrative Tools\how_to_back_files.html
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\Start Menu\Programs\Accessories\how_to_back_files.html
Source: C:\Users\user\Desktop\wlndows.exe File created: C:\Users\user\Start Menu\Programs\Accessibility\how_to_back_files.html
Creates an autostart registry key
Source: C:\Users\user\Desktop\wlndows.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce BrowserUpdateCheck
Source: C:\Users\user\Desktop\wlndows.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce BrowserUpdateCheck
Source: C:\Users\user\Desktop\wlndows.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce BrowserUpdateCheck
Source: C:\Users\user\Desktop\wlndows.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce BrowserUpdateCheck

Hooking and other Techniques for Hiding and Protection:

Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Windows\System32\OpenWith.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Disables application error messages (SetErrorMode)
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Enumerates the file system
Source: C:\Users\user\Desktop\wlndows.exe File opened: C:\Users\user\Videos\desktop.ini
Source: C:\Users\user\Desktop\wlndows.exe File opened: C:\Users\user\Start Menu\Programs\Windows PowerShell\desktop.ini
Source: C:\Users\user\Desktop\wlndows.exe File opened: C:\Users\user\Start Menu\Programs\OneDrive.lnk
Source: C:\Users\user\Desktop\wlndows.exe File opened: C:\Users\user\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\wlndows.exe File opened: C:\Users\user\Start Menu\Programs\desktop.ini
Source: C:\Users\user\Desktop\wlndows.exe File opened: C:\Users\user\Start Menu\Programs\Recycle Bin.lnk
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\wlndows.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\OFFSYML.TTF
Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_004096D7 _chkstk,lstrcatW,lstrcmpiW,lstrlenW,lstrcatW,FindFirstFileW,lstrcmpiW,lstrcmpiW,lstrcatW,lstrcatW,lstrcmpiW,lstrcmpiW,PathFindFileNameW,lstrcmpiW,SetFileAttributesW,lstrcpyW,lstrcatW,MoveFileExW,FindNextFileW,FindClose,0_2_004096D7
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_1_004096D7 _chkstk,lstrcatW,lstrcmpiW,lstrlenW,lstrcatW,FindFirstFileW,lstrcmpiW,lstrcmpiW,lstrcatW,lstrcatW,lstrcmpiW,lstrcmpiW,PathFindFileNameW,lstrcmpiW,SetFileAttributesW,lstrcpyW,lstrcatW,MoveFileExW,FindNextFileW,FindClose,0_1_004096D7
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: wlndows.exe, 00000000.00000003.4688781372.00000000007AD000.00000004.sdmp Binary or memory string: *|hyper-v manager*|hyper v4225
Source: wlndows.exe, 00000000.00000003.4688781372.00000000007AD000.00000004.sdmp Binary or memory string: {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\VMware\VMware vCenter Converter Standalone\converter.exe11333
Source: appssynonyms.txt.4.dr Binary or memory string: *|vmware horizon client*|vdi3191
Source: wlndows.exe, 00000000.00000003.4688781372.00000000007AD000.00000004.sdmp Binary or memory string: {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\VMware\VMware Workstation\vmnetcfg.exe11073
Source: appssynonyms.txt.4.dr Binary or memory string: *|vmware workstation 14 player*|vmplayer5468
Source: appssynonyms.txt.4.dr Binary or memory string: *|*|qemu10501
Source: wlndows.exe, 00000000.00000003.4688781372.00000000007AD000.00000004.sdmp Binary or memory string: *|hyper-v manager*|hyperv3631
Source: appssynonyms.txt.4.dr Binary or memory string: *|vmware horizon client*|view4169
Source: appssynonyms.txt.4.dr Binary or memory string: *|vmware vsphere client*|vcenter4341
Source: appssynonyms.txt.4.dr Binary or memory string: *|vmware vsphere client*|vspe5708
Source: wlndows.exe, 00000000.00000003.4688781372.00000000007AD000.00000004.sdmp Binary or memory string: VMware.View.Client10660
Source: appssynonyms.txt.4.dr Binary or memory string: *|vmware horizon client*|vmare6743
Source: appssynonyms.txt.4.dr Binary or memory string: *|vmware workstation 12 player*|vmpl5057
Program exit points
Source: C:\Users\user\Desktop\wlndows.exe API call chain: ExitProcess graph end node graph_0-3189

Anti Debugging:

Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\wlndows.exe Code function: 0_2_00402765 GetProcessHeap,RtlFreeHeap,0_2_00402765

HIPS / PFW / Operating System Protection Evasion:

May try to detect the Windows Explorer process (often used for injection)
Source: wlndows.exe, 00000000.00000002.5511239585.0000000000E00000.00000002.sdmp, wlndows.exe, 00000002.00000002.5522369517.0000000000E00000.00000002.sdmp, wlndows.exe, 00000004.00000002.5533666913.0000000000D30000.00000002.sdmp Binary or memory string: Program Manager
Source: wlndows.exe, 00000000.00000002.5511239585.0000000000E00000.00000002.sdmp, wlndows.exe, 00000002.00000002.5522369517.0000000000E00000.00000002.sdmp, wlndows.exe, 00000004.00000002.5533666913.0000000000D30000.00000002.sdmp Binary or memory string: Shell_TrayWnd
Source: wlndows.exe, 00000000.00000002.5511239585.0000000000E00000.00000002.sdmp, wlndows.exe, 00000002.00000002.5522369517.0000000000E00000.00000002.sdmp, wlndows.exe, 00000004.00000002.5533666913.0000000000D30000.00000002.sdmp Binary or memory string: Progman
Source: wlndows.exe, 00000000.00000002.5511239585.0000000000E00000.00000002.sdmp, wlndows.exe, 00000002.00000002.5522369517.0000000000E00000.00000002.sdmp, wlndows.exe, 00000004.00000002.5533666913.0000000000D30000.00000002.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Queries the cryptographic machine GUID
Source: C:\Users\user\Desktop\wlndows.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings:

Overwrites Mozilla Firefox settings
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\addons.json
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\addons.json
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\addons.json
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\how_to_back_files.html
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\how_to_back_files.html
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\addonStartup.json.lz4
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\addonStartup.json.lz4
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\addonStartup.json.lz4
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\blocklist.xml
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\blocklist.xml
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\blocklist.xml
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\cert9.db
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\cert9.db
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\cert9.db
Source: C:\Users\user\AppData\Local\wlndows.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\compatibility.ini
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\compatibility.iniJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\compatibility.iniJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\containers.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\containers.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\containers.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\content-prefs.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\content-prefs.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\content-prefs.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\cookies.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\cookies.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\cookies.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\favicons.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\favicons.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\favicons.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\handlers.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\handlers.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\handlers.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\key4.dbJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\key4.dbJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\key4.dbJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\permissions.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\permissions.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\permissions.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\pkcs11.txtJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\pkcs11.txtJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\pkcs11.txtJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\places.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\places.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\places.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\how_to_back_files.htmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\how_to_back_files.htmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+home\.metadata-v2Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+home\.metadata-v2Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+home\.metadata-v2Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+home\idb\how_to_back_files.htmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+home\idb\how_to_back_files.htmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionstore-backups\previous.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionstore-backups\previous.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionstore-backups\previous.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionstore-backups\how_to_back_files.htmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionstore-backups\how_to_back_files.htmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\0eb29520-5d99-4f0f-96b0-ee049b2714d4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\0eb29520-5d99-4f0f-96b0-ee049b2714d4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\0eb29520-5d99-4f0f-96b0-ee049b2714d4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\4d28f4cc-f0ac-4d0f-85f6-837e467f135bJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\4d28f4cc-f0ac-4d0f-85f6-837e467f135bJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\4d28f4cc-f0ac-4d0f-85f6-837e467f135bJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\72d0fa3a-f80e-463f-8a21-7008a3699ad1Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\72d0fa3a-f80e-463f-8a21-7008a3699ad1Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\72d0fa3a-f80e-463f-8a21-7008a3699ad1Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\8e037647-bad6-452d-a4ee-3f460605939fJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\8e037647-bad6-452d-a4ee-3f460605939fJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\8e037647-bad6-452d-a4ee-3f460605939fJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\e8c60679-723a-4fde-bf28-da7ae927bf56Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\e8c60679-723a-4fde-bf28-da7ae927bf56Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\e8c60679-723a-4fde-bf28-da7ae927bf56Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\session-state.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\session-state.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\session-state.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\how_to_back_files.htmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\how_to_back_files.htmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127299.4d28f4cc-f0ac-4d0f-85f6-837e467f135b.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127299.4d28f4cc-f0ac-4d0f-85f6-837e467f135b.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127299.4d28f4cc-f0ac-4d0f-85f6-837e467f135b.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127324.3b63404c-64b8-4020-b027-997d7670e7bc.new-profile.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127324.3b63404c-64b8-4020-b027-997d7670e7bc.new-profile.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127324.3b63404c-64b8-4020-b027-997d7670e7bc.new-profile.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127343.d1db20c6-0e39-4658-8b7c-bb47c84d8bd2.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127343.d1db20c6-0e39-4658-8b7c-bb47c84d8bd2.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127343.d1db20c6-0e39-4658-8b7c-bb47c84d8bd2.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127357.72d0fa3a-f80e-463f-8a21-7008a3699ad1.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127357.72d0fa3a-f80e-463f-8a21-7008a3699ad1.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127357.72d0fa3a-f80e-463f-8a21-7008a3699ad1.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127360.747d17d6-b0b8-4b7f-8a21-92a68cf2cfa2.first-shutdown.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127360.747d17d6-b0b8-4b7f-8a21-92a68cf2cfa2.first-shutdown.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914127360.747d17d6-b0b8-4b7f-8a21-92a68cf2cfa2.first-shutdown.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914141793.0eb29520-5d99-4f0f-96b0-ee049b2714d4.update.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914141793.0eb29520-5d99-4f0f-96b0-ee049b2714d4.update.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914141793.0eb29520-5d99-4f0f-96b0-ee049b2714d4.update.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914149725.8e037647-bad6-452d-a4ee-3f460605939f.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914149725.8e037647-bad6-452d-a4ee-3f460605939f.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914149725.8e037647-bad6-452d-a4ee-3f460605939f.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914149756.20ee48f9-8a92-4a9a-9d75-58cc1a34c965.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914149756.20ee48f9-8a92-4a9a-9d75-58cc1a34c965.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914149756.20ee48f9-8a92-4a9a-9d75-58cc1a34c965.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914149773.98b122d5-af9f-4027-94cf-e7ad52719185.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914149773.98b122d5-af9f-4027-94cf-e7ad52719185.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542914149773.98b122d5-af9f-4027-94cf-e7ad52719185.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542915487512.e8c60679-723a-4fde-bf28-da7ae927bf56.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542915487512.e8c60679-723a-4fde-bf28-da7ae927bf56.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542915487512.e8c60679-723a-4fde-bf28-da7ae927bf56.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542915487580.aca3ebbf-c038-4f3f-afd3-e144a8c4ad02.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542915487580.aca3ebbf-c038-4f3f-afd3-e144a8c4ad02.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542915487580.aca3ebbf-c038-4f3f-afd3-e144a8c4ad02.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542915487602.91b6d957-579f-429a-a210-c5ce60f7fbb5.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542915487602.91b6d957-579f-429a-a210-c5ce60f7fbb5.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\datareporting\archived\2018-11\1542915487602.91b6d957-579f-429a-a210-c5ce60f7fbb5.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\pluginreg.datJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\pluginreg.datJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\pluginreg.datJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\prefs.jsJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\prefs.jsJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\prefs.jsJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\search.json.mozlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\search.json.mozlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\search.json.mozlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionCheckpoints.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionCheckpoints.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionCheckpoints.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionstore.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionstore.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionstore.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\SiteSecurityServiceState.txtJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\SiteSecurityServiceState.txtJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\SiteSecurityServiceState.txtJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\times.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\times.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\times.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\webappsstore.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\webappsstore.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\webappsstore.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\xulstore.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\xulstore.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\xulstore.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\.metadataJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\.metadataJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\.metadataJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\how_to_back_files.htmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\how_to_back_files.htmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\.metadata-v2Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+newtab\.metadata-v2Jump to behavior

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc.)
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\2AE477CBE0C40D524FAEF0B653A56014A9D7061CJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\saved-telemetry-pings\0eb29520-5d99-4f0f-96b0-ee049b2714d4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\compatibility.iniJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\7E5802BC661C94BB0C9B9720477942036D82322BJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\301F6B6CA29C9B46BD0A04882FAD146EB510F005Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\C90ABB947BF0E9D06CFDB08C8B8E60820F1F7628Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\248AE5CDDE25AF76812473C25D3168AB5F2D0307Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\1679441B8AA7B4D31717C773CC4E86A25B37532BJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\E325B486B777C14C29762600D998974140F8FD34Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\blocklist.xmlJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\591ADB95490D72ADA946B2A29207809196BBF7BAJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionstore-backups\previous.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\storage\default\about+home\.metadataJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47CJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\safebrowsing\base-track-digest256.psetJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\E044228CC91563D0417E4365BC256BF9734ED0B7Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\9671DB4E21A40D05E565A5211964DD6D443A716FJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\33CC529B675D3329A23E6832C853EA5FC08E07C2Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\9A5EF06F16171A9BDA90EE71C06F89A0C79BF17CJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\B27FF9C2D1E30698644271340400374692925B61Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\3C65B887EA29E617091A5AE14B0D7268FA2053A2Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionstore.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\BFFE6F5B2411D9CBC00CF56352894B977036BB4EJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\webappsstore.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\EA89FF4625EA1D6234C94663465EA3FDAD7254A0Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\21FBB9129B545C0CEFB8B064221D8AB6083226C4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\3EEB2114BB3831CC6E11DE78806F49490ECBDFA2Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\05582FF5C196A4485F189490FEC9ECEA0890DA32Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\SiteSecurityServiceState.txtJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\66F684AF9CC570C6247262B47C769C601C2A338BJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\safebrowsing\test-phish-simple.sbstoreJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\OfflineCache\index.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\62CF5B8922DF24A584BA9C09805617B5E57D7DC3Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\047BBB477F47CB2839E1D13BB29A084CD99DF88EJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\safebrowsing\mozplugin-block-digest256.sbstoreJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\sessionCheckpoints.jsonJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\safebrowsing\block-flashsubdoc-digest256.sbstoreJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\safebrowsing\test-harmful-simple.psetJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\8882926034CC71D13D877074AF2285C0A1BC408BJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\content-prefs.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\search.json.mozlz4Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\FDF0D7419BF494B8BD7B889145701603DAA03832Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\CA07C1C90F4793F4EC4ECB285A87DABBFDE860B3Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\7F49B2D060A4BBB21FF0061D581D3A6222535DF7Jump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\99C2E3725271B6FC5E9FF4A13F22B0C2372B6EEFJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\safebrowsing\test-harmful-simple.sbstoreJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\EBFAA4818C420C359D7BC49568A875FB2DE2EB6EJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\safebrowsing\block-flash-digest256.psetJump to behavior
Source: C:\Users\user\AppData\Local\wlndows.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\6c4zjj0s.default\cache2\entries\D5D7B247774E63182A9E2C82B62424AAB64C79A8Jump to behavior

Behavior Graph

Legend: Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language