Edit tour

Windows Analysis Report
random.exe

Overview

General Information

Sample name:	random.exe
Analysis ID:	1596842
MD5:	b986d1882535e8f044c3d091d324d2f9
SHA1:	af7fd2693f6f91c6655bde5621ad293daa53bcae
SHA256:	1d5f4f9082b27779f594b673840b56b01c5c925de8dac6b4a648543ddb9dd0b3
Tags:	CredentialFlusherexeuser-aachum
Infos:

Detection

Credential Flusher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Connects to many different domains

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Enables debug privileges

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

OS version to string mapping found (often used in BOTs)

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

random.exe (PID: 520 cmdline: "C:\Users\user\Desktop\random.exe" MD5: B986D1882535E8F044C3D091D324D2F9)

taskkill.exe (PID: 6256 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 1988 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 1840 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2512 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4300 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 3796 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 3160 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 3672 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 6884 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e88d621-052b-4023-849d-8c397453eb74} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b0f706f710 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7368 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4012 -parentBuildID 20230927232528 -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 26313 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84e0c995-30e0-4b2d-a803-f4866d868f98} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b08926d510 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 6680 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1472 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5096 -prefMapHandle 5188 -prefsLen 33353 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc6a906d-8066-4da9-96c8-edf9823c988b} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b0f7072710 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: random.exe PID: 520	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

Code function: 0_2_00F4EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00F4EAFF

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F4ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00F4ED6A

Source: C:\Users\user\Desktop\random.exe

0_2_00F4EAFF

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F3AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_00F3AA57

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F69576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00F69576

System Summary

Binary is likely a compiled AutoIt script file

Source: random.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: random.exe, 00000000.00000000.1469701935.0000000000F92000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_b4cec945-c
Source: random.exe, 00000000.00000000.1469701935.0000000000F92000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_130aa952-3
Source: random.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_51b51921-d
Source: random.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_0930c293-9

Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 18_2_0000025B5A214C37 NtQuerySystemInformation,		18_2_0000025B5A214C37
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 18_2_0000025B5A6A2AF2 NtQuerySystemInformation,		18_2_0000025B5A6A2AF2

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F3D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00F3D5EB

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F31201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00F31201

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F3E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_00F3E8F6

Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00ED8060	0_2_00ED8060
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F42046	0_2_00F42046
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F38298	0_2_00F38298
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F0E4FF	0_2_00F0E4FF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F0676B	0_2_00F0676B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F64873	0_2_00F64873
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EDCAF0	0_2_00EDCAF0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EFCAA0	0_2_00EFCAA0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EECC39	0_2_00EECC39
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F06DD9	0_2_00F06DD9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00ED91C0	0_2_00ED91C0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EEB119	0_2_00EEB119
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF1394	0_2_00EF1394
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF1706	0_2_00EF1706
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF781B	0_2_00EF781B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF19B0	0_2_00EF19B0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EE997D	0_2_00EE997D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00ED7920	0_2_00ED7920
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF7A4A	0_2_00EF7A4A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF7CA7	0_2_00EF7CA7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF1C77	0_2_00EF1C77
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F09EEE	0_2_00F09EEE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F5BE44	0_2_00F5BE44
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF1F32	0_2_00EF1F32
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 18_2_0000025B5A214C37	18_2_0000025B5A214C37
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 18_2_0000025B5A6A2AF2	18_2_0000025B5A6A2AF2
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 18_2_0000025B5A6A321C	18_2_0000025B5A6A321C
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 18_2_0000025B5A6A2B32	18_2_0000025B5A6A2B32

Source: C:\Users\user\Desktop\random.exe	Code function: String function: 00ED9CB3 appears 31 times
Source: C:\Users\user\Desktop\random.exe	Code function: String function: 00EEF9F2 appears 40 times
Source: C:\Users\user\Desktop\random.exe	Code function: String function: 00EF0A30 appears 46 times

Source: random.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal80.troj.evad.winEXE@34/38@84/13

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F437B5 GetLastError,FormatMessageW,

0_2_00F437B5

Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F310BF AdjustTokenPrivileges,CloseHandle,		0_2_00F310BF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F316C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00F316C3

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F451CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_00F451CD

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F3D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_00F3D4DC

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F4648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_00F4648E

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00ED42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_00ED42A2

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3532:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2068:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2772:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2168:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3576:120:WilError_03

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Temp\firefox

Jump to behavior

Source: random.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\random.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: firefox.exe, 0000000E.00000003.1664414574.000002B092C34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714380050.000002B08F224000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1706842076.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1701110896.000002B08F208000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708184036.000002B090FF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1675801088.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000000E.00000003.1706842076.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708184036.000002B090FF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1675801088.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 0000000E.00000003.1706842076.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708184036.000002B090FF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1675801088.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 0000000E.00000003.1706842076.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708184036.000002B090FF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1675801088.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 0000000E.00000003.1673504065.000002B092CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1663836763.000002B092CC0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 0000000E.00000003.1706842076.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708184036.000002B090FF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1675801088.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 0000000E.00000003.1706842076.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708184036.000002B090FF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1675801088.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 0000000E.00000003.1706842076.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708184036.000002B090FF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1675801088.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 0000000E.00000003.1706842076.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708184036.000002B090FF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1675801088.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 0000000E.00000003.1706842076.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708184036.000002B090FF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1675801088.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);

Source: random.exe

ReversingLabs: Detection: 29%

Source: unknown	Process created: C:\Users\user\Desktop\random.exe "C:\Users\user\Desktop\random.exe"
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e88d621-052b-4023-849d-8c397453eb74} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b0f706f710 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4012 -parentBuildID 20230927232528 -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 26313 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84e0c995-30e0-4b2d-a803-f4866d868f98} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b08926d510 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1472 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5096 -prefMapHandle 5188 -prefsLen 33353 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc6a906d-8066-4da9-96c8-edf9823c988b} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b0f7072710 utility
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e88d621-052b-4023-849d-8c397453eb74} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b0f706f710 socket	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4012 -parentBuildID 20230927232528 -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 26313 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84e0c995-30e0-4b2d-a803-f4866d868f98} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b08926d510 rdd	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1472 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5096 -prefMapHandle 5188 -prefsLen 33353 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc6a906d-8066-4da9-96c8-edf9823c988b} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b0f7072710 utility	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\random.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: random.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: random.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: random.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: random.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: random.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: random.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: random.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: UxTheme.pdb source: firefox.exe, 0000000E.00000003.1713452641.000002B08F6B3000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 0000000E.00000003.1707483538.000002B08FA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708651096.000002B08FA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1700430177.000002B08FA85000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.1720324221.000002B084870000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: firefox.exe, 0000000E.00000003.1701664382.000002B08F1B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1701664382.000002B08F1DA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ktmw32.pdb source: firefox.exe, 0000000E.00000003.1699368221.000002B090A95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699895618.000002B08FAFA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.1698479112.000002B092C61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1719955394.000002B084870000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.1698479112.000002B092C61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1720324221.000002B084870000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.1698479112.000002B092C61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1696635956.000002B084870000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: firefox.exe, 0000000E.00000003.1703222938.000002B08EF84000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 0000000E.00000003.1701110896.000002B08F25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714135129.000002B08F264000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 0000000E.00000003.1707483538.000002B08FA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708651096.000002B08FA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1707034093.000002B090EB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1700430177.000002B08FA85000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.1693279482.000002B091D01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: xul.pdb source: firefox.exe, 0000000E.00000003.1699895618.000002B08FAFA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: firefox.exe, 0000000E.00000003.1700430177.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708651096.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: firefox.exe, 0000000E.00000003.1714972740.000002B08A71A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: firefox.exe, 0000000E.00000003.1700430177.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708651096.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntmarta.pdb source: firefox.exe, 0000000E.00000003.1700430177.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708651096.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb source: firefox.exe, 0000000E.00000003.1698479112.000002B092C61000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdbpocket-brand-name source: firefox.exe, 0000000E.00000003.1709009730.000002B08A7DB000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.1696635956.000002B084870000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdb source: firefox.exe, 0000000E.00000003.1697814307.000002B0FFF6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1711441657.000002B0FFF6F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: firefox.exe, 0000000E.00000003.1700430177.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708651096.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdb source: firefox.exe, 0000000E.00000003.1712054174.000002B092CF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1698479112.000002B092C61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1698189382.000002B092CED000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdbglean_client_info source: firefox.exe, 0000000E.00000003.1699044811.000002B092C04000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb@ source: firefox.exe, 0000000E.00000003.1703883107.000002B08EEBB000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: firefox.exe, 0000000E.00000003.1714380050.000002B08F224000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1701110896.000002B08F208000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714647083.000002B08F21C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: firefox.pdb source: firefox.exe, 0000000E.00000003.1705443963.000002B08A5EB000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: firefox.exe, 0000000E.00000003.1699044811.000002B092C04000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.1693279482.000002B091D01000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: firefox.exe, 0000000E.00000003.1701110896.000002B08F25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714200632.000002B08F25B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: firefox.exe, 0000000E.00000003.1698479112.000002B092C58000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: firefox.exe, 0000000E.00000003.1699895618.000002B08FAFA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: firefox.pdburlbar-star-add-bookmark source: firefox.exe, 0000000E.00000003.1710484647.000002B089A62000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: firefox.exe, 0000000E.00000003.1700430177.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708651096.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nsi.pdb source: firefox.exe, 0000000E.00000003.1697814307.000002B0FFF6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1711441657.000002B0FFF6F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: propsys.pdb source: firefox.exe, 0000000E.00000003.1699368221.000002B090A95000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
Source:	Binary string: winmm.pdb source: firefox.exe, 0000000E.00000003.1698479112.000002B092C61000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ole32.pdb source: firefox.exe, 0000000E.00000003.1700430177.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699895618.000002B08FAFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708651096.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: version.pdb source: firefox.exe, 0000000E.00000003.1699368221.000002B090A95000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: firefox.exe, 0000000E.00000003.1698479112.000002B092C58000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdbPCj source: firefox.exe, 0000000E.00000003.1709009730.000002B08A7DB000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: firefox.exe, 0000000E.00000003.1701664382.000002B08F1DA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msasn1.pdb source: firefox.exe, 0000000E.00000003.1699368221.000002B090A95000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
Source:	Binary string: profapi.pdbvalidation_failed source: firefox.exe, 0000000E.00000003.1698479112.000002B092C61000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: psapi.pdb source: firefox.exe, 0000000E.00000003.1712804898.000002B090FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699121829.000002B090F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1706842076.000002B090F84000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb0 1px 4px rgba(12, 12, 13, 0.1) source: firefox.exe, 0000000E.00000003.1700430177.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708651096.000002B08FA92000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: DWrite.pdb source: firefox.exe, 0000000E.00000003.1698479112.000002B092C61000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: firefox.exe, 0000000E.00000003.1713452641.000002B08F6B3000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: firefox.exe, 0000000E.00000003.1705443963.000002B08A5EB000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.1719955394.000002B084870000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: firefox.exe, 0000000E.00000003.1699895618.000002B08FAFA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wsock32.pdb source: firefox.exe, 0000000E.00000003.1699895618.000002B08FAFA000.00000004.00000800.00020000.00000000.sdmp

Source: random.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: random.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: random.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: random.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: random.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00ED42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00ED42DE

Source: gmpopenh264.dll.tmp.14.dr

Static PE information: section name: .rodata

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00EF0A76 push ecx; ret

0_2_00EF0A89

Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp			Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)			Jump to dropped file

Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EEF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00EEF98E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F61C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00F61C41

Source: C:\Users\user\Desktop\random.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\random.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-97635

Source: C:\Program Files\Mozilla Firefox\firefox.exe

Code function: 18_2_0000025B5A214C37 rdtsc

18_2_0000025B5A214C37

Source: C:\Users\user\Desktop\random.exe

API coverage: 3.8 %

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F3DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00F3DBBE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F0C2A2 FindFirstFileExW,	0_2_00F0C2A2
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F468EE FindFirstFileW,FindClose,	0_2_00F468EE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F4698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_00F4698F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F3D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00F3D076
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F3D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00F3D3A9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F49642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00F49642
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F4979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00F4979D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F49B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00F49B2B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F45C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00F45C97

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00ED42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00ED42DE

Source: firefox.exe, 00000012.00000002.3346177937.0000025B5A710000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
Source: firefox.exe, 00000010.00000002.3347177668.000001E137340000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
Source: firefox.exe, 00000010.00000002.3339849218.000001E13693A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: firefox.exe, 00000010.00000002.3339849218.000001E13693A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3339183471.0000025B59F1A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3346177937.0000025B5A710000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3345774961.000002A8EB400000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000010.00000002.3346583656.000001E136F13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000014.00000002.3339016122.000002A8EAEEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: random.exe, 00000000.00000003.1556637843.000000000198C000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1557550643.0000000001993000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1556837002.0000000001992000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1557987157.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1561794469.00000000019B9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3347177668.000001E137340000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3346177937.0000025B5A710000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: random.exe, 00000000.00000003.1550555966.0000000001B9F000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1541942872.0000000001B9F000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1558048958.0000000001BA1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWc

Source: C:\Users\user\Desktop\random.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files\Mozilla Firefox\firefox.exe

Code function: 18_2_0000025B5A214C37 rdtsc

18_2_0000025B5A214C37

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F4EAA2 BlockInput,

0_2_00F4EAA2

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F02622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00F02622

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00ED42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00ED42DE

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00EF4CE8 mov eax, dword ptr fs:[00000030h]

0_2_00EF4CE8

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F30B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00F30B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F02622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00F02622
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00EF083F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF09D5 SetUnhandledExceptionFilter,	0_2_00EF09D5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00EF0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00EF0C21

Source: C:\Users\user\Desktop\random.exe

0_2_00F31201

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F12BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00F12BA5

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F3B226 SendInput,keybd_event,

0_2_00F3B226

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F522DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_00F522DA

Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\random.exe

0_2_00F30B62

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F31663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00F31663

Source: random.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: random.exe	Binary or memory string: Shell_TrayWnd
Source: firefox.exe, 0000000E.00000003.1682566376.000002B091D01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00EF0698 cpuid

0_2_00EF0698

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F2D21C GetLocalTime,

0_2_00F2D21C

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F2D27A GetUserNameW,

0_2_00F2D27A

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00F0B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

0_2_00F0B952

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_00ED42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00ED42DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: random.exe PID: 520, type: MEMORYSTR

Source: random.exe	Binary or memory string: WIN_81
Source: random.exe	Binary or memory string: WIN_XP
Source: random.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: random.exe	Binary or memory string: WIN_XPe
Source: random.exe	Binary or memory string: WIN_VISTA
Source: random.exe	Binary or memory string: WIN_7
Source: random.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: random.exe PID: 520, type: MEMORYSTR

Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F51204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00F51204
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00F51806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00F51806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	12 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	2 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	2 Valid Accounts	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	21 Access Token Manipulation	1 Extra Window Memory Injection	LSA Secrets	131 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	2 Process Injection	1 Masquerading	Cached Domain Credentials	1 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Valid Accounts	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	21 Access Token Manipulation	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	2 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
random.exe	30%	ReversingLabs	Win32.Trojan.AutoitInject
random.exe	100%	Avira	TR/ATRAPS.Gen
random.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://crl3.digice	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
example.org	23.215.0.133	true	false	high
star-mini.c10r.facebook.com	157.240.252.35	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
twitter.com	104.244.42.193	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
shavar.prod.mozaws.net	34.211.125.135	true	false	high
services.addons.mozilla.org	151.101.1.91	true	false	high
dyna.wikimedia.org	185.15.59.224	true	false	high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	high
contile.services.mozilla.com	34.117.188.166	true	false	high
youtube.com	142.250.186.78	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
a19.dscg10.akamai.net	2.22.61.59	true	false	high
youtube-ui.l.google.com	172.217.16.206	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	high
reddit.map.fastly.net	151.101.129.140	true	false	high
ipv4only.arpa	192.0.0.170	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	high
push.services.mozilla.com	34.107.243.93	true	false	high
normandy-cdn.services.mozilla.com	35.201.103.21	true	false	high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
www.reddit.com	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
241.42.69.40.in-addr.arpa	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
normandy.cdn.mozilla.net	unknown	unknown	false	high
shavar.services.mozilla.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l	firefox.exe, 00000014.00000002.3341691851.000002A8EB3C4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://detectportal.firefox.com/	firefox.exe, 0000000E.00000003.1735925465.000002B088453000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.microsoft	firefox.exe, 0000000E.00000003.1720642025.000002B084864000.00000004.00000020.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://datastudio.google.com/embed/reporting/	firefox.exe, 0000000E.00000003.1681575628.000002B089498000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.mozilla.com0	gmpopenh264.dll.tmp.14.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl	firefox.exe, 0000000E.00000003.1554827504.000002B08F088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1693979410.000002B08F084000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1655141633.000002B08F06D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1650768423.000002B08F05E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556434203.000002B08F087000.00000004.00000800.00020000.00000000.sdmp	false		high
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 0000000E.00000003.1523889450.000002B0F70DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1708007092.000002B0F70DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3342384294.000001E136D72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341001264.0000025B5A186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3341691851.000002A8EB38F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://www.leboncoin.fr/	firefox.exe, 0000000E.00000003.1566932586.000002B08F214000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560788820.000002B08F243000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1701110896.000002B08F208000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714742122.000002B08F215000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560966298.000002B08F214000.00000004.00000800.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/spocs	firefox.exe, 0000000E.00000003.1566200653.000002B08F24A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1725237272.000002B08F61C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://completion.amazon.com/search/complete?q=	firefox.exe, 0000000E.00000003.1527343661.000002B086E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1527199645.000002B086E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1527617094.000002B086E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1527477796.000002B086E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1527049541.000002B086C00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 0000000E.00000003.1734754650.000002B0884E6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://identity.mozilla.com/ids/ecosystem_telemetryU	firefox.exe, 0000000E.00000003.1706842076.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1712717425.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1675801088.000002B090FDD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://monitor.firefox.com/breach-details/	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://xhr.spec.whatwg.org/#sync-warning	firefox.exe, 0000000E.00000003.1578167807.000002B088E43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1718157404.000002B088E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1578167807.000002B088EB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1680428708.000002B088E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1680428708.000002B088E43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1718157404.000002B088EB7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 0000000E.00000003.1679979607.000002B08AA76000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mozilla-services/screenshots	firefox.exe, 0000000E.00000003.1527343661.000002B086E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1527199645.000002B086E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1527617094.000002B086E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1527477796.000002B086E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1527049541.000002B086C00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/addons/addon/	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
http://exslt.org/sets	firefox.exe, 0000000E.00000003.1711737799.000002B0FFF26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1523764207.000002B0FFF26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1672003242.000002B0FFF26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://youtube.com/	firefox.exe, 0000000E.00000003.1703883107.000002B08EEA3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht	firefox.exe, 0000000E.00000003.1706842076.000002B090F84000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing	firefox.exe, 0000000E.00000003.1578167807.000002B088E43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1718157404.000002B088E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1578167807.000002B088EB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1680428708.000002B088E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1680428708.000002B088E43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1718157404.000002B088EB7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.instagram.com/	firefox.exe, 0000000E.00000003.1586860211.000002B088531000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://api.accounts.firefox.com/v1	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
http://exslt.org/common	firefox.exe, 0000000E.00000003.1711737799.000002B0FFF26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1523764207.000002B0FFF26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1672003242.000002B0FFF26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ok.ru/	firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/	firefox.exe, 0000000E.00000003.1560966298.000002B08F214000.00000004.00000800.00020000.00000000.sdmp	false		high
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc	firefox.exe, 0000000E.00000003.1718157404.000002B088E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1578167807.000002B088E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1680428708.000002B088E9E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
http://exslt.org/dates-and-times	firefox.exe, 0000000E.00000003.1697814307.000002B0FFF58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1672003242.000002B0FFF55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1711629154.000002B0FFF5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1523695862.000002B0FFF62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	firefox.exe, 0000000E.00000003.1578929146.000002B0875F9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.	firefox.exe, 0000000E.00000003.1672003242.000002B0FFFAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1523174473.000002B0FFFB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1697476711.000002B0FFFB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1706539185.000002B0FFFB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3342384294.000001E136DC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341001264.0000025B5A1E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3345981413.000002A8EB503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr	false		high
https://www.youtube.com/	firefox.exe, 00000014.00000002.3341691851.000002A8EB30C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1283601	firefox.exe, 0000000E.00000003.1634665810.000002B087E9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1633019474.000002B087E81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1635347570.000002B087EB1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://www.bbc.co.uk/	firefox.exe, 0000000E.00000003.1566932586.000002B08F214000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560788820.000002B08F243000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1701110896.000002B08F208000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714742122.000002B08F215000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560966298.000002B08F214000.00000004.00000800.00020000.00000000.sdmp	false		high
https://addons.mozilla.org/firefox/addon/to-google-translate/	firefox.exe, 0000000E.00000003.1675801088.000002B090F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699121829.000002B090F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1706842076.000002B090F84000.00000004.00000800.00020000.00000000.sdmp	false		high
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	firefox.exe, 00000014.00000002.3341691851.000002A8EB3C4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://127.0.0.1:	firefox.exe, 0000000E.00000003.1561401191.000002B08F15A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1703883107.000002B08EE97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1567216996.000002B08F15A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560373260.000002B08F25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1266220	firefox.exe, 0000000E.00000003.1634665810.000002B087E9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1633019474.000002B087E81000.00000004.00000800.00020000.00000000.sdmp	false		high
https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152	firefox.exe, 0000000E.00000003.1586860211.000002B088573000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mo	firefox.exe, 0000000E.00000003.1678253414.000002B08F2A6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mitmdetection.services.mozilla.com/	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://static.adsafeprotected.com/firefox-etp-js	firefox.exe, 0000000E.00000003.1734754650.000002B0884E6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://youtube.com/account?=	recovery.jsonlz4.tmp.14.dr	false		high
https://shavar.services.mozilla.com/	firefox.exe, 0000000E.00000003.1710734749.000002B0895FD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	firefox.exe, 0000000E.00000003.1672003242.000002B0FFFAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1523174473.000002B0FFFB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1697476711.000002B0FFFB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1706539185.000002B0FFFB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3342384294.000001E136DC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341001264.0000025B5A1E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3345981413.000002A8EB503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr	false		high
http://crl3.digice	firefox.exe, 0000000E.00000003.1719272446.000002B084833000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1692041809.000002B084832000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1695099942.000002B084833000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1691658362.000002B084831000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1692841548.000002B084833000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1693539975.000002B084831000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1706841747.000002B084833000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1690224158.000002B084831000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture	firefox.exe, 0000000E.00000003.1718157404.000002B088EB7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/	firefox.exe, 0000000E.00000003.1566200653.000002B08F24A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1705329885.000002B08AA9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1706539185.000002B0FFFB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1573629348.000002B08AA9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1679979607.000002B08AA76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341001264.0000025B5A112000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3341691851.000002A8EB313000.00000004.00000800.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/abuse/report/addon/	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://www.iqiyi.com/	firefox.exe, 0000000E.00000003.1566932586.000002B08F214000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560788820.000002B08F243000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1701110896.000002B08F208000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714742122.000002B08F215000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560966298.000002B08F214000.00000004.00000800.00020000.00000000.sdmp	false		high
https://youtube.com/account?=https://accounts.google.co	firefox.exe, 00000014.00000002.3340949166.000002A8EB2F0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.	places.sqlite-wal.14.dr	false		high
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://monitor.firefox.com/user/breach-stats?includeResolved=true	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
http://a9.com/-/spec/opensearch/1.0/	firefox.exe, 0000000E.00000003.1701110896.000002B08F25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714200632.000002B08F25B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://safebrowsing.google.com/safebrowsing/diagnostic?site=	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://monitor.firefox.com/user/dashboard	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1170143	firefox.exe, 0000000E.00000003.1634665810.000002B087E9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1633019474.000002B087E81000.00000004.00000800.00020000.00000000.sdmp	false		high
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://monitor.firefox.com/about	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
http://mozilla.org/MPL/2.0/.	firefox.exe, 0000000E.00000003.1586860211.000002B088573000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1659725436.000002B087EE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1734042291.000002B0892CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586860211.000002B088549000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1635347570.000002B087EE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556968797.000002B08F0E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556968797.000002B08F0F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1572547999.000002B08EFAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1660790466.000002B087EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1572547999.000002B08EF98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1705626248.000002B08A5C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584600861.000002B08856E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1667569544.000002B087EE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1686624794.000002B08F0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1709890829.000002B08A554000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584600861.000002B088596000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586860211.000002B088568000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1660790466.000002B087EE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1687381865.000002B08A821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1659506953.000002B0881BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1653184303.000002B08884D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://account.bellmedia.c	firefox.exe, 0000000E.00000003.1705443963.000002B08A5EB000.00000004.00000800.00020000.00000000.sdmp	false		high
https://login.microsoftonline.com	firefox.exe, 0000000E.00000003.1705443963.000002B08A5EB000.00000004.00000800.00020000.00000000.sdmp	false		high
https://coverage.mozilla.org	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	gmpopenh264.dll.tmp.14.dr	false		high
https://www.zhihu.com/	firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560966298.000002B08F214000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	firefox.exe, 0000000E.00000003.1578929146.000002B0875F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1679175215.000002B08EFCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1710217872.000002B089ABD000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	firefox.exe, 0000000E.00000003.1578929146.000002B0875F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1679175215.000002B08EFCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1710217872.000002B089ABD000.00000004.00000800.00020000.00000000.sdmp	false		high
http://a9.com/-/spec/opensearch/1.1/	firefox.exe, 0000000E.00000003.1701110896.000002B08F25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714200632.000002B08F25B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://infra.spec.whatwg.org/#ascii-whitespace	firefox.exe, 0000000E.00000003.1693979410.000002B08F084000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1655141633.000002B08F06D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1650768423.000002B08F05E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556434203.000002B08F087000.00000004.00000800.00020000.00000000.sdmp	false		high
https://blocked.cdn.mozilla.net/	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
http://developer.mozilla.org/en/docs/DOM:element.addEventListener	firefox.exe, 0000000E.00000003.1578167807.000002B088E43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1718157404.000002B088E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1578167807.000002B088EB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1680428708.000002B088E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1680428708.000002B088E43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1718157404.000002B088EB7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/?t=ffab&q=	firefox.exe, 0000000E.00000003.1678014018.000002B08FA78000.00000004.00000800.00020000.00000000.sdmp	false		high
https://profiler.firefox.com	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://outlook.live.com/default.aspx?rru=compose&to=%s	firefox.exe, 0000000E.00000003.1643576409.000002B086A3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1530358714.000002B086A26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1529142171.000002B086A33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1530858538.000002B086A33000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=793869	firefox.exe, 0000000E.00000003.1634665810.000002B087E9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1633019474.000002B087E81000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mozilla.cloudflare-dns.com/dns-query	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2	firefox.exe, 0000000E.00000003.1734319484.000002B0892AE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1678448	firefox.exe, 0000000E.00000003.1634665810.000002B087E9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1633019474.000002B087E81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1633161855.000002B087E97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1635267030.000002B087E7B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 0000000E.00000003.1643576409.000002B086A3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1530358714.000002B086A26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1529142171.000002B086A33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1530858538.000002B086A33000.00000004.00000800.00020000.00000000.sdmp	false		high
https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/	firefox.exe, 0000000E.00000003.1675801088.000002B090F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699121829.000002B090F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1706842076.000002B090F84000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile.services.mozilla.com/v1/tiles	firefox.exe, 0000000E.00000003.1578929146.000002B087565000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://www.amazon.co.uk/	firefox.exe, 0000000E.00000003.1566932586.000002B08F214000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560788820.000002B08F243000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1701110896.000002B08F208000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714742122.000002B08F215000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560966298.000002B08F214000.00000004.00000800.00020000.00000000.sdmp	false		high
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/	firefox.exe, 0000000E.00000003.1675977158.000002B090EDA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/user/preferences	firefox.exe, 00000010.00000002.3341263241.000001E136AC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3340086980.0000025B59F80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3340485173.000002A8EB0A0000.00000002.10000000.00040000.00000000.sdmp	false		high
https://screenshots.firefox.com/	firefox.exe, 0000000E.00000003.1527049541.000002B086C00000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.78	youtube.com	United States	15169	GOOGLEUS	false
151.101.1.91	services.addons.mozilla.org	United States	54113	FASTLYUS	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
34.107.243.93	push.services.mozilla.com	United States	15169	GOOGLEUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
34.211.125.135	shavar.prod.mozaws.net	United States	16509	AMAZON-02US	false
35.201.103.21	normandy-cdn.services.mozilla.com	United States	15169	GOOGLEUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
34.120.208.123	telemetry-incoming.r53-2.services.mozilla.com	United States	15169	GOOGLEUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1596842
Start date and time:	2025-01-22 15:40:27 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	random.exe
Detection:	MAL
Classification:	mal80.troj.evad.winEXE@34/38@84/13
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 96% Number of executed functions: 47 Number of non-executed functions: 295
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.174, 2.22.61.59, 216.58.206.74, 172.217.16.202, 2.19.106.160, 172.202.163.200, 40.69.42.241, 52.149.20.212, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, ciscobinary.openh264.org, ocsp.digicert.com, redirector.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, safebrowsing.googleapis.com, aus5.mozilla.org, location.services.mozilla.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
34.117.188.166	random.exe	Get hash	malicious	Amadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, Stealc	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	random.exe	Get hash	malicious	Amadey, Babadeda, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, Stealc	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	MAIN.zip	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zip	Get hash	malicious	Unknown	Browse
	mscoree.dll	Get hash	malicious	Unknown	Browse
	qOH6oNqqoi.ps1	Get hash	malicious	PureCrypter, Amadey	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
34.211.125.135	MAIN.zip	Get hash	malicious	Unknown	Browse
151.101.1.91	MAIN.zip	Get hash	malicious	Unknown	Browse
	qOH6oNqqoi.ps1	Get hash	malicious	PureCrypter, Amadey	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	https://microsoft-visio.en.softonic.com/	Get hash	malicious	Unknown	Browse
	https://adarsh-priydarshi-5646.github.io/Netflix-Website	Get hash	malicious	HTMLPhisher	Browse
	https://deltacapoffers.com/prequalification.php?utm_source=klayvio&utm_medium=email&utm_campaign=scrapeddripcampaign&utm_id=efi&utm_term=efi&utm_content=scrapedlists6&_kx=YFJgSt5YAM6jpJldJ4ZDop7CB1jVRJhqJKw59Uk4HMU.QZibAu	Get hash	malicious	Unknown	Browse
	Bontrageroutdoors_Project_Update_202557516.pdf	Get hash	malicious	Unknown	Browse
	https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=evsqlwgFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%70%68%69%6C%2D%68%65%61%6C%74%68%2D%75%6B%2E%67%6C%69%74%63%68%2E%6D%65%2F#test@kghm.com	Get hash	malicious	Unknown	Browse
	rpDOUhuBC5.exe	Get hash	malicious	Credential Flusher	Browse
	grand-theft-auto-5-theme-1-installer_qb8W-j1.exe	Get hash	malicious	Unknown	Browse
34.149.100.209	random.exe	Get hash	malicious	Credential Flusher	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	MAIN.zip	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zip	Get hash	malicious	Unknown	Browse
	mscoree.dll	Get hash	malicious	Unknown	Browse
	qOH6oNqqoi.ps1	Get hash	malicious	PureCrypter, Amadey	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	GbpfWtymAP.exe	Get hash	malicious	Credential Flusher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
example.org	random.exe	Get hash	malicious	Amadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, Stealc	Browse	23.215.0.133
	random.exe	Get hash	malicious	Credential Flusher	Browse	96.7.128.186
	random.exe	Get hash	malicious	Amadey, Babadeda, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, Stealc	Browse	23.215.0.132
	random.exe	Get hash	malicious	Credential Flusher	Browse	23.215.0.132
	MAIN.zip	Get hash	malicious	Unknown	Browse	96.7.128.192
	MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zip	Get hash	malicious	Unknown	Browse	96.7.128.186
	mscoree.dll	Get hash	malicious	Unknown	Browse	96.7.128.192
	qOH6oNqqoi.ps1	Get hash	malicious	PureCrypter, Amadey	Browse	96.7.128.186
	BingWallpaper.exe	Get hash	malicious	Unknown	Browse	96.7.128.192
twitter.com	random.exe	Get hash	malicious	Amadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, Stealc	Browse	104.244.42.193
	random.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.1
	random.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.129
	MAIN.zip	Get hash	malicious	Unknown	Browse	104.244.42.65
	MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zip	Get hash	malicious	Unknown	Browse	104.244.42.1
star-mini.c10r.facebook.com	random.exe	Get hash	malicious	Amadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, Stealc	Browse	157.240.0.35
	https://flugger.pl	Get hash	malicious	Unknown	Browse	157.240.0.35
	http://webflow.io	Get hash	malicious	Unknown	Browse	157.240.251.35
	https://dnl.hb-fein.de/	Get hash	malicious	Unknown	Browse	157.240.0.35
	https://thomasaltmnn.com/	Get hash	malicious	Unknown	Browse	157.240.253.35
	https://rakshit099-g.github.io/PROJECT_WORKS/	Get hash	malicious	HTMLPhisher	Browse	157.240.0.35
	https://link.space/@Deskservice	Get hash	malicious	Unknown	Browse	157.240.253.35
	https://www.zeffy.com/en-US/ticketing/9792a5cc-964b-451c-a97d-176fd6d24206	Get hash	malicious	HTMLPhisher	Browse	157.240.251.35
	https://www.zeffy.com/en-US/ticketing/9792a5cc-964b-451c-a97d-176fd6d24206	Get hash	malicious	HTMLPhisher	Browse	157.240.251.35

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FASTLYUS	random.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, PureLog Stealer	Browse	185.199.111.133
	random.exe	Get hash	malicious	Amadey, Babadeda, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, Stealc, Vidar	Browse	185.199.111.133
	https://tech-doctors.net/netf/NTXUPDATED	Get hash	malicious	Unknown	Browse	151.101.194.137
	random.exe	Get hash	malicious	Unknown	Browse	185.199.110.133
	https://rbslocadora.com.br/modules/aggregator/red.html	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://flugger.pl	Get hash	malicious	Unknown	Browse	151.101.64.84
	http://webflow.io	Get hash	malicious	Unknown	Browse	151.101.2.132
	https://app.dam.penzle.com/asset/c9b1ca84-2e6e-4091-8dd7-8eea9a901c0b--105887785658629571096-0797a88c-6d4b-41ed-9b50-9a993107fca0--34868474-c76c-4769-aa1a-4fb9218cd274	Get hash	malicious	Unknown	Browse	151.101.2.137
	random.exe	Get hash	malicious	Unknown	Browse	185.199.109.133
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	random.exe	Get hash	malicious	Amadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, Stealc	Browse	34.117.188.166
	http://www.sterne-shop.de	Get hash	malicious	Unknown	Browse	34.117.77.79
	http://www.sterne-shop.de	Get hash	malicious	Unknown	Browse	34.117.77.79
	VQdUvAQ4xO.exe	Get hash	malicious	DCRat, PureLog Stealer, ReverseShell, zgRAT	Browse	34.117.59.81
	http://telegrauml.work/	Get hash	malicious	Telegram Phisher	Browse	34.117.59.81
	http://telegrems.fit/	Get hash	malicious	Telegram Phisher	Browse	34.117.59.81
	random.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	random.exe	Get hash	malicious	Amadey, Babadeda, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, Stealc	Browse	34.117.188.166
	random.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
AMAZON-02US	attached PO.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://flugger.pl	Get hash	malicious	Unknown	Browse	13.35.58.9
	http://webflow.io	Get hash	malicious	Unknown	Browse	108.138.26.97
	https://mailzim-0fb4f9.webflow.io/	Get hash	malicious	Unknown	Browse	18.244.20.221
	http://www.sterne-shop.de	Get hash	malicious	Unknown	Browse	34.247.128.143
	http://www.sterne-shop.de	Get hash	malicious	Unknown	Browse	34.252.167.64
	https://www.mathemise.com/	Get hash	malicious	Unknown	Browse	3.78.6.236
	https://steursinnovatingforthefuture.freshdesk.com/support/solutions/articles/203000017909-steurs-innovating-for-the-future	Get hash	malicious	Unknown	Browse	3.5.138.151
	http://whatsappweb.net	Get hash	malicious	Unknown	Browse	18.158.3.25
ATGS-MMD-ASUS	setups.exe	Get hash	malicious	Unknown	Browse	34.133.74.21
	http://webflow.io	Get hash	malicious	Unknown	Browse	34.128.128.0
	setups.exe	Get hash	malicious	Unknown	Browse	34.133.74.21
	http://www.sterne-shop.de	Get hash	malicious	Unknown	Browse	34.149.254.14
	arm7	Get hash	malicious	Unknown	Browse	57.180.175.94
	armv7l.elf	Get hash	malicious	Unknown	Browse	34.184.36.220
	jhdfer3s_jh3de.exe	Get hash	malicious	Unknown	Browse	34.160.111.145
	jhdfer3s_jh3de.exe	Get hash	malicious	Unknown	Browse	34.160.111.145
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	34.151.214.54

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fb0aa01abe9d8e4037eb3473ca6e2dca	random.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123 151.101.1.91
	random.exe	Get hash	malicious	Amadey, Babadeda, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, Stealc	Browse	35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123 151.101.1.91
	random.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123 151.101.1.91
	MAIN.zip	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123 151.101.1.91
	mscoree.dll	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123 151.101.1.91
	qOH6oNqqoi.ps1	Get hash	malicious	PureCrypter, Amadey	Browse	35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123 151.101.1.91
	random.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123 151.101.1.91
	random.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123 151.101.1.91
	GbpfWtymAP.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123 151.101.1.91

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	random.exe	Get hash	malicious	Credential Flusher	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	MAIN.zip	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zip	Get hash	malicious	Unknown	Browse
	mscoree.dll	Get hash	malicious	Unknown	Browse
	qOH6oNqqoi.ps1	Get hash	malicious	PureCrypter, Amadey	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	GbpfWtymAP.exe	Get hash	malicious	Credential Flusher	Browse
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp	random.exe	Get hash	malicious	Credential Flusher	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	MAIN.zip	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zip	Get hash	malicious	Unknown	Browse
	mscoree.dll	Get hash	malicious	Unknown	Browse
	qOH6oNqqoi.ps1	Get hash	malicious	PureCrypter, Amadey	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	random.exe	Get hash	malicious	Credential Flusher	Browse
	GbpfWtymAP.exe	Get hash	malicious	Credential Flusher	Browse

Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.8:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:50584 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.8:50586 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:50588 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:50589 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:50592 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:50591 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:50590 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:50595 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:50597 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:50596 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:50598 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:50600 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:50599 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:50601 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:50602 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 151.101.1.91 151.101.1.91
Source: Joe Sandbox View	IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View	IP Address: 34.117.188.166 34.117.188.166

Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 0000000E.00000003.1681575628.000002B089498000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1691292719.000002B086E43000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1678380678.000002B08F150000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1703883107.000002B08EE7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1578929146.000002B087588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1578929146.000002B087588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1703883107.000002B08EE7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1566932586.000002B08F214000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1701110896.000002B08F208000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714742122.000002B08F215000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1566932586.000002B08F214000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1701110896.000002B08F208000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714742122.000002B08F215000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1578929146.000002B087588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1578929146.000002B087588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341001264.0000025B5A103000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3341691851.000002A8EB30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341001264.0000025B5A103000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3341691851.000002A8EB30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.1717510338.000002B0891ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341001264.0000025B5A103000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3341691851.000002A8EB30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000014.00000002.3341691851.000002A8EB30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/^ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000014.00000002.3341691851.000002A8EB30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/^ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000014.00000002.3341691851.000002A8EB30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/^ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1678380678.000002B08F150000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://89c83477-7a1a-4f5a-bda8-ef3858d4c7d0/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1675801088.000002B090F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699121829.000002B090F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1706842076.000002B090F84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1703883107.000002B08EE7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1675801088.000002B090F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699121829.000002B090F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1706842076.000002B090F84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1727990396.000002B089329000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.prod.mozaws.net
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: a19.dscg10.akamai.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50591 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50580
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50584 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50589
Source: unknown	Network traffic detected: HTTP traffic on port 50599 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50584
Source: unknown	Network traffic detected: HTTP traffic on port 50595 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50586
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50585
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50588
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50587
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50589 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50585 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50592 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50591
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50590
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50592
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50595
Source: unknown	Network traffic detected: HTTP traffic on port 50596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50594
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50597
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50599
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50598
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50873
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50586 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 50601 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50601
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50600
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50602
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50580 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50597 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50587 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50590 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 50602 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Input	Output
URL: email Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": [ "No headers provided to analyze", "Cannot make security assessment without header information", "Default to low risk score due to lack of evidence" ] }
Date: unknown

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	8056
Entropy (8bit):	5.177311650301738
Encrypted:	false
SSDEEP:	192:v99wMX727w7jtbhbVbTbfbRbObtbyEl7nPlWrZJA6unSrDtTkdmSN:v9bvtNhnzFSJcr01nSrDhkdmE
MD5:	D627DE7BE5AE62B1B0BC49FCA751EA91
SHA1:	B3738AD513F400A1A52460C39B86AD4EA52E9649
SHA-256:	99A2BFF581B0A7EE47890D565EAC7B58DD439CDFF5A1C1D7ABC30AC0A14FB346
SHA-512:	F6E6201F6BBD0150F8CF386CAC16E6B67E0119C4E73F584D472294569AF7B1846A7EBC188F62D3A96CFE5F27323A6E4CF9655251F9176AA733B45A219B6C7985
Malicious:	false
Preview:	{"type":"uninstall","id":"82af6e9f-07ed-4344-baac-6c0aeac1c6d8","creationDate":"2025-01-22T15:50:48.830Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"965729a8-84e4-4cad-a75d-ac8181902c4b","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.7024548645728474
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	random.exe
File size:	970'240 bytes
MD5:	b986d1882535e8f044c3d091d324d2f9
SHA1:	af7fd2693f6f91c6655bde5621ad293daa53bcae
SHA256:	1d5f4f9082b27779f594b673840b56b01c5c925de8dac6b4a648543ddb9dd0b3
SHA512:	31c10f9548db63209d445e900723692d936a7e7712203e7729bb9ac4c0525875e9fcf51f4c52d23021c8bdc7ae2835c6ccbe948763597b57f2cf6ac83593a104
SSDEEP:	24576:kqDEvCTbMWu7rQYlBQcBiT6rprG8a5n3F:kTvC/MTQYxsWR7a5n
TLSH:	6E259E0273D1C062FF9B92334B5AF6515BBC69260123E62F13A81D79BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6790F2FC [Wed Jan 22 13:30:36 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x1625c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xeb000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x1625c	0x16400	2036d4db3aeaf69a54cab90462dfd2ca	False	0.6997454353932584	data	7.171792015546023	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xeb000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45f0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd4718	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd4840	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4968	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c50	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d78	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5c20	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd64c8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd6a30	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8fd8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda080	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4e8	0x50	data	English	Great Britain	0.9
RT_DIALOG	0xda538	0xfc	data	English	Great Britain	0.6507936507936508
RT_STRING	0xda634	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdabc8	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb254	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb6e4	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbce0	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc33c	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc7a4	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc8fc	0xd3e0	data			1.0004793510324483
RT_GROUP_ICON	0xe9cdc	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xe9d54	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xe9d68	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xe9d7c	0x14	data	English	Great Britain	1.25
RT_VERSION	0xe9d90	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xe9e6c	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 22, 2025 15:41:38.446074963 CET	50287	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.446392059 CET	55505	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.453167915 CET	53	55505	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.453219891 CET	53	50287	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.496557951 CET	52067	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.496743917 CET	53679	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.497021914 CET	51680	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.503237963 CET	53	52067	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.503560066 CET	53	53679	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.503931046 CET	53	51680	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.504924059 CET	51651	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.511867046 CET	53	51651	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.515096903 CET	49652	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.515405893 CET	61227	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.522531986 CET	53	61227	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.522691965 CET	53	49652	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.957710981 CET	58505	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.965349913 CET	56279	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.965814114 CET	53	58505	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.967406034 CET	64849	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.970282078 CET	56957	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.973507881 CET	53	56279	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.974097967 CET	53	64849	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.975141048 CET	53402	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.978331089 CET	53	56957	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.986819029 CET	53	53402	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:38.995260000 CET	52827	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.996622086 CET	59772	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:38.998651028 CET	63982	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:39.004714012 CET	53	52827	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:39.004745960 CET	53	59772	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:39.006416082 CET	53	63982	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:39.012356043 CET	53963	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:39.012665033 CET	59165	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:39.020279884 CET	53	53963	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:39.021224976 CET	53	59165	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:39.459800005 CET	61021	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:39.468029976 CET	53	61021	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:40.753191948 CET	58186	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:40.753307104 CET	52855	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:40.760699034 CET	53	58186	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:40.761225939 CET	53	52855	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:40.765749931 CET	52778	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:40.768285036 CET	50760	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:40.772766113 CET	53	52778	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:40.775338888 CET	53	50760	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:40.778913021 CET	52153	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:40.779342890 CET	49300	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:40.785761118 CET	53	52153	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:40.786835909 CET	53	49300	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:41.278529882 CET	60161	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:41.286746025 CET	53	60161	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:41.293152094 CET	52598	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:41.299899101 CET	53	52598	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:41.300545931 CET	64349	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:41.309365034 CET	53	64349	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:45.466696024 CET	51471	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:45.473743916 CET	53	51471	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:45.504466057 CET	61490	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:45.511348009 CET	53	61490	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:45.514230967 CET	53950	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:45.521692038 CET	53	53950	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:45.838299036 CET	56236	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:45.845130920 CET	53	56236	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:46.081358910 CET	64737	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:46.087869883 CET	53	64737	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:46.088525057 CET	54863	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:46.095386982 CET	53	54863	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:49.841352940 CET	56021	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:49.843102932 CET	53700	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:49.848306894 CET	53	56021	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:49.849818945 CET	53	53700	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:49.850636959 CET	51483	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:49.858099937 CET	53	51483	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:49.860915899 CET	61744	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:49.867458105 CET	53	61744	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:51.243779898 CET	64979	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:51.250797987 CET	53	64979	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.911864996 CET	58030	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.911905050 CET	54541	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.912158966 CET	58803	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.918872118 CET	53	58803	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.919078112 CET	53	58030	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.919092894 CET	53	54541	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.919521093 CET	52858	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.919661999 CET	62727	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.920043945 CET	59986	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.926233053 CET	53	52858	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.926676989 CET	55955	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.926800013 CET	53	62727	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.926815033 CET	53	59986	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.927325010 CET	51668	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.927714109 CET	63912	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.934314966 CET	53	55955	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.934329033 CET	53	51668	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.934343100 CET	53	63912	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.934874058 CET	57664	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.934952974 CET	58749	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.941416025 CET	53	57664	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.941430092 CET	53	58749	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.942054987 CET	58316	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.942081928 CET	58246	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.949415922 CET	53	58246	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.949486017 CET	53	58316	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.949887991 CET	57449	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.949984074 CET	50787	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:41:55.956418991 CET	53	57449	1.1.1.1	192.168.2.8
Jan 22, 2025 15:41:55.956603050 CET	53	50787	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:00.030631065 CET	53	55528	162.159.36.2	192.168.2.8
Jan 22, 2025 15:42:00.504710913 CET	59845	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:00.512895107 CET	53	59845	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:01.282919884 CET	65366	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:01.290056944 CET	53	65366	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:01.291264057 CET	56384	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:01.298100948 CET	53	56384	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.318162918 CET	57831	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.342098951 CET	60920	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.389025927 CET	53	57831	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.389239073 CET	53	60920	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.391180992 CET	62599	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.392400026 CET	64013	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.393404007 CET	50498	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.397882938 CET	53	62599	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.399548054 CET	53	64013	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.399930954 CET	53	50498	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.403850079 CET	58616	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.404141903 CET	62467	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.404387951 CET	57955	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.410567999 CET	53	58616	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.411174059 CET	53	57955	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.411508083 CET	53	62467	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.874536991 CET	59813	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.881335020 CET	53	59813	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.882852077 CET	52622	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.889864922 CET	53	52622	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.894978046 CET	57457	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.901701927 CET	53	57457	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.974366903 CET	55523	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.974798918 CET	59971	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:06.982018948 CET	53	59971	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:06.982120037 CET	53	55523	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:07.399113894 CET	61500	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:07.408524036 CET	53	61500	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:07.409145117 CET	56189	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:07.418781042 CET	53	56189	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:22.117542982 CET	57674	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:22.124501944 CET	53	57674	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:22.126064062 CET	53526	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:22.133330107 CET	53	53526	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:35.788492918 CET	55712	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:35.795387030 CET	53	55712	1.1.1.1	192.168.2.8
Jan 22, 2025 15:42:35.798379898 CET	58628	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:42:35.805304050 CET	53	58628	1.1.1.1	192.168.2.8
Jan 22, 2025 15:43:02.719582081 CET	53134	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:43:02.726486921 CET	53	53134	1.1.1.1	192.168.2.8
Jan 22, 2025 15:43:02.730997086 CET	57580	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:43:02.737884045 CET	53	57580	1.1.1.1	192.168.2.8
Jan 22, 2025 15:43:02.741014004 CET	54218	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:43:02.748039961 CET	53	54218	1.1.1.1	192.168.2.8
Jan 22, 2025 15:43:03.214327097 CET	61574	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:43:03.221069098 CET	53	61574	1.1.1.1	192.168.2.8
Jan 22, 2025 15:44:23.222400904 CET	52530	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:44:23.230760098 CET	53	52530	1.1.1.1	192.168.2.8
Jan 22, 2025 15:44:23.231970072 CET	54376	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:44:23.239785910 CET	53	54376	1.1.1.1	192.168.2.8
Jan 22, 2025 15:44:23.240402937 CET	54193	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:44:23.247011900 CET	53	54193	1.1.1.1	192.168.2.8
Jan 22, 2025 15:44:23.716897964 CET	64578	53	192.168.2.8	1.1.1.1
Jan 22, 2025 15:44:23.724487066 CET	53	64578	1.1.1.1	192.168.2.8

Timestamp	Bytes transferred	Direction	Data
Jan 22, 2025 15:41:38.525468111 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:38.945930958 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69933 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Timestamp	Bytes transferred	Direction	Data
Jan 22, 2025 15:41:40.469625950 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:41:40.924793959 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61502 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Timestamp	Bytes transferred	Direction	Data
Jan 22, 2025 15:41:40.759711027 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:41.228085995 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69936 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:41:41.846230984 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:41.943573952 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69936 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:41:45.458590984 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:45.556018114 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69940 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:41:49.253372908 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:49.350214005 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69944 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:41:51.124665976 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:51.221458912 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69946 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:41:52.088491917 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:52.204699993 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69947 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:41:52.585304022 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:52.682178020 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69947 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:41:54.156785011 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:54.255690098 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69949 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:41:55.856224060 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:55.952841043 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69950 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:41:56.580022097 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:41:56.678682089 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69951 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:42:01.792349100 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:42:01.892246008 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69956 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:42:06.874552965 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:42:06.973526955 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69961 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:42:07.371782064 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:42:07.468966007 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69962 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:42:17.475172997 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:42:22.608700991 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:42:22.705621004 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69977 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:42:32.712879896 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:42:36.303872108 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:42:36.400578022 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69991 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:42:36.769546032 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:42:36.867038965 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69991 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:42:37.990695000 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:42:38.087181091 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 69993 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:42:48.088432074 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:42:58.101665020 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:43:03.214230061 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:43:03.310689926 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 70018 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 22, 2025 15:43:13.329127073 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:43:23.358056068 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:43:33.374761105 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:43:43.387620926 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:43:53.401269913 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:44:03.414304972 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:44:23.716638088 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 22, 2025 15:44:23.814388037 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Tue, 21 Jan 2025 19:16:05 GMT Age: 70098 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Timestamp	Bytes transferred	Direction	Data
Jan 22, 2025 15:41:42.207510948 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:41:42.676323891 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61504 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:41:46.690677881 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:41:46.789660931 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61508 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:41:49.765750885 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:41:49.864008904 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61511 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:41:51.345588923 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:41:51.443927050 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61513 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:41:52.422765970 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:41:52.527003050 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61514 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:41:52.741209030 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:41:52.839538097 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61514 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:41:54.901387930 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:41:55.076488018 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61516 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:41:55.955952883 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:41:56.054290056 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61518 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:41:56.685343027 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:41:56.968739986 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61518 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:42:01.895654917 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:42:01.995604992 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61523 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:42:06.976640940 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:42:07.075309992 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61529 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:42:07.472104073 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:42:07.571628094 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61529 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:42:17.575489044 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:42:22.708703041 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:42:22.808423042 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61544 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:42:32.811757088 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:42:36.430655956 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:42:36.530426979 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61558 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:42:36.870682001 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:42:36.971050978 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61558 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:42:38.090861082 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:42:38.190818071 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61560 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:42:48.203183889 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:42:58.217720032 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:43:03.314578056 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:43:03.413068056 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61585 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 22, 2025 15:43:13.429419041 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:43:23.436194897 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:43:33.443818092 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:43:43.456630945 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:43:53.463908911 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:44:03.476784945 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 22, 2025 15:44:23.817946911 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 22, 2025 15:44:23.916438103 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 21 Jan 2025 21:36:38 GMT Age: 61665 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report random.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_82af6e9f-07ed-4344-baac-6c0aeac1c6d8.json (copy)

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_82af6e9f-07ed-4344-baac-6c0aeac1c6d8.json.tmp

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

C:\Users\user\AppData\Local\Temp\tmpaddon

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms (copy)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms (copy)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YL5FUY9SA5EEFD738T2P.temp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZEJFL2NR79ZOIV6HE49X.temp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\ExperimentStoreData.json (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\ExperimentStoreData.json.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\addonStartup.json.lz4 (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\addonStartup.json.lz4.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\addons.json (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\addons.json.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\content-prefs.sqlite

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\store.json.mozlz4 (copy)

Windows Analysis Report
random.exe

Target ID:	0
Start time:	09:41:29
Start date:	22/01/2025
Path:	C:\Users\user\Desktop\random.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\random.exe"
Imagebase:	0xed0000
File size:	970'240 bytes
MD5 hash:	B986D1882535E8F044C3D091D324D2F9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	2
Start time:	09:41:30
Start date:	22/01/2025
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xda0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	4
Start time:	09:41:32
Start date:	22/01/2025
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xda0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	12
Start time:	09:41:33
Start date:	22/01/2025
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6d20e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	16
Start time:	09:41:34
Start date:	22/01/2025
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e88d621-052b-4023-849d-8c397453eb74} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b0f706f710 socket
Imagebase:	0x7ff6d20e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	18
Start time:	09:41:36
Start date:	22/01/2025
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4012 -parentBuildID 20230927232528 -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 26313 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84e0c995-30e0-4b2d-a803-f4866d868f98} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b08926d510 rdd
Imagebase:	0x7ff6d20e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	20
Start time:	09:41:45
Start date:	22/01/2025
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1472 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5096 -prefMapHandle 5188 -prefsLen 33353 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc6a906d-8066-4da9-96c8-edf9823c988b} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2b0f7072710 utility
Imagebase:	0x7ff6d20e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false