Edit tour

Windows Analysis Report
Ahnenblatt4.exe

Overview

General Information

Sample name:	Ahnenblatt4.exe
Analysis ID:	1623701
MD5:	950f3bebb7563ee8354b21ef9cbea4a2
SHA1:	7b520ff8bd1b552e3de00a38a87722f21dc1c9f4
SHA256:	8f4f53bc02348a549f3437444aacec43eae5f90875ea3c5ec96600ba1cb4a061
Infos:

Detection

Score:	57
Range:	0 - 100
Confidence:	100%

Compliance

Score:	48
Range:	0 - 100

Signatures

Yara detected UAC Bypass using CMSTP

Found direct / indirect Syscall (likely to bypass EDR)

Found hidden mapped module (file has been removed from disk)

Found many strings related to Crypto-Wallets (likely being stolen)

Injects code into the Windows Explorer (explorer.exe)

Maps a DLL or memory area into another process

Switches to a custom stack to bypass stack traces

Writes to foreign memory regions

Connects to many different domains

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Detected non-DNS traffic on DNS port

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Sigma detected: Excel Network Connections

Sigma detected: Suspicious Office Outbound Connections

Uses 32bit PE files

Classification

Process Tree

System is w11x64_office

Ahnenblatt4.exe (PID: 5384 cmdline: "C:\Users\user\Desktop\Ahnenblatt4.exe" MD5: 950F3BEBB7563EE8354B21EF9CBEA4A2)

Ahnenblatt4.exe (PID: 4288 cmdline: C:\ProgramData\sqlservr\Ahnenblatt4.exe MD5: 950F3BEBB7563EE8354B21EF9CBEA4A2)

more.com (PID: 4884 cmdline: C:\Windows\SysWOW64\more.com MD5: 0EA0CA08A50D541185EE1E64398B0632)

conhost.exe (PID: 1316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)

explorer.exe (PID: 6148 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 6541BBB9E6FE706103082E231F523424)

EXCEL.EXE (PID: 6352 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\cavorilievo.csv" MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)

firefox.exe (PID: 8 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: 4E82C81BC54B7858AA507CA58D0E3FA2)

firefox.exe (PID: 3940 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: 4E82C81BC54B7858AA507CA58D0E3FA2)

firefox.exe (PID: 6096 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20241121140525 -prefsHandle 1984 -prefsLen 31209 -prefMapHandle 1988 -prefMapSize 281498 -ipcHandle 2044 -initialChannelId {ce6cd488-dbfe-43d7-98e2-50c7224cf5bd} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu MD5: 4E82C81BC54B7858AA507CA58D0E3FA2)

firefox.exe (PID: 6944 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20241121140525 -prefsHandle 2304 -prefsLen 31209 -prefMapHandle 2308 -prefMapSize 281498 -ipcHandle 2328 -initialChannelId {422e0cbf-83b3-4156-9bed-dee1415a5eb7} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket MD5: 4E82C81BC54B7858AA507CA58D0E3FA2)

firefox.exe (PID: 2432 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2888 -prefsLen 27948 -prefMapHandle 2892 -prefMapSize 281498 -jsInitHandle 2896 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 2904 -initialChannelId {69581eab-c429-4853-9b62-a150a3888a0e} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab MD5: 4E82C81BC54B7858AA507CA58D0E3FA2)

firefox.exe (PID: 2572 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3176 -prefsLen 28062 -prefMapHandle 3448 -prefMapSize 281498 -jsInitHandle 3572 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 2852 -initialChannelId {d8f89c32-3584-4d80-91a1-391987dfe018} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 tab MD5: 4E82C81BC54B7858AA507CA58D0E3FA2)

firefox.exe (PID: 4000 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3456 -prefsLen 31476 -prefMapHandle 3568 -prefMapSize 281498 -jsInitHandle 3472 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 3496 -initialChannelId {1aac090d-d631-4527-9658-7c6a53b7c51d} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab MD5: 4E82C81BC54B7858AA507CA58D0E3FA2)

firefox.exe (PID: 4148 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20241121140525 -prefsHandle 3472 -prefsLen 31476 -prefMapHandle 3568 -prefMapSize 281498 -ipcHandle 4392 -initialChannelId {cd6978bb-2bfc-4b72-99b9-3e7e3974bb07} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 rdd MD5: 4E82C81BC54B7858AA507CA58D0E3FA2)

firefox.exe (PID: 5776 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5088 -prefsLen 38582 -prefMapHandle 5092 -prefMapSize 281498 -jsInitHandle 5096 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 3820 -initialChannelId {655631be-541d-4979-a737-2766a9a321fe} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab MD5: 4E82C81BC54B7858AA507CA58D0E3FA2)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: Ahnenblatt4.exe PID: 5384	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: more.com PID: 4884	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security

Sigma Signatures

Sigma detected: Excel Network Connections

Source: Network Connection

Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 13.107.246.60, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6352, Protocol: tcp, SourceIp: 192.168.2.24, SourceIsIpv6: false, SourcePort: 63775

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.24, DestinationIsIpv6: false, DestinationPort: 63775, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6352, Protocol: tcp, SourceIp: 13.107.246.60, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Exploits

Yara detected UAC Bypass using CMSTP

Source: Yara match	File source: 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Ahnenblatt4.exe PID: 5384, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: more.com PID: 4884, type: MEMORYSTR

Compliance

Uses 32bit PE files

Source: Ahnenblatt4.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

PE / OLE file has a valid certificate

Source: Ahnenblatt4.exe

Static PE information: certificate valid

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:63776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:63775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.24:63782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.24:52302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.24:52306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.24:52307 version: TLS 1.2

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: Ahnenblatt4.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT

Binary contains paths to debug symbols

Source:	Binary string: D:\a\_work\e\src\out\Release\WebView2Loader.dll.pdb source: more.com, 00000003.00000002.2859762402.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2854698218.0000000002EF0000.00000002.00000001.01000000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: Ahnenblatt4.exe, 00000001.00000002.2789531694.000000000D7D3000.00000004.00000020.00020000.00000000.sdmp, Ahnenblatt4.exe, 00000002.00000002.2792207291.000000000D070000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Ahnenblatt4.exe, 00000001.00000002.2789531694.000000000D7D3000.00000004.00000020.00020000.00000000.sdmp, Ahnenblatt4.exe, 00000002.00000002.2792207291.000000000D070000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\source\VIEW\Release\WebView2GettingStarted.pdb source: more.com, 00000003.00000002.2859762402.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2853800438.0000000002EC9000.00000002.00000001.01000000.00000000.sdmp

Spreading

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Software Vulnerabilities

Source: excel.exe	Memory has grown: Private usage: 2MB later: 93MB
Source: firefox.exe	Memory has grown: Private usage: 1MB later: 120MB

Networking

Connects to many different domains

Source: unknown

Network traffic detected: DNS query count 31

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.24:52299 -> 1.1.1.1:53

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox View	IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View	IP Address: 34.160.144.191 34.160.144.191

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 258a5a1e95b8a911872bae9081526644
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /rules/rule170146v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.18129; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule120201v19s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.18129; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, br, zstdConnection: keep-aliveIf-Modified-Since: Thu, 28 Nov 2024 13:03:18 GMTIf-None-Match: "e90b4b26f40b4131c1239c8340204be3"
Source: global traffic	HTTP traffic detected: GET /api/v1/suggest?q=&sid=fd01273e-d11a-4435-83a5-3c543a8d6e6b&seq=0&providers=accuweather&request_type=weather HTTP/1.1Host: merino.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, br, zstdConnection: keep-alivePriority: u=4
Source: global traffic	HTTP traffic detected: GET /main-workspace/newtab-wallpapers-v2/e1108381-5c19-4cb4-a630-69f9e45503fb.avif HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0Accept: image/avif,image/webp,image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, br, zstdConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: no-corsSec-Fetch-Site: cross-siteIf-Modified-Since: Mon, 17 Jun 2024 16:06:03 GMTIf-None-Match: "75b64595ba8d97fdb7eb6a9e7fcfecaa"Priority: u=4, i
Source: global traffic	HTTP traffic detected: GET /main-workspace/newtab-wallpapers-v2/e94b1e49-c518-40d6-98e3-dffab6cc370d.avif HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0Accept: image/avif,image/webp,image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, br, zstdConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: no-corsSec-Fetch-Site: cross-siteIf-Modified-Since: Mon, 17 Jun 2024 15:19:13 GMTIf-None-Match: "ecb67fe4585a5714e4df200ceb5481b8"Priority: u=4, i
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, br, zstdConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePriority: u=4Pragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: WHERE place_id = (SELECT id FROM moz_places WHERE url_hash = hash(:urlCSV string of spoc placement counts on newtab Pocket grid. The count tells the ad server how many ads to return for this position and placement.https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/UPDATE moz_bookmarks SET position = position - 1 equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: You must provide a target ID as the second parameter of AlsoToOneContent. If you want to send to all content processes, use BroadcastToContenthttps://www.baidu.com/,https://www.zhihu.com/,https://www.ifeng.com/,https://weibo.com/,https://www.ctrip.com/,https://www.iqiyi.com/Stop Facebook from tracking your activity across the web. Use Facebook the way you normally do without annoying ads following you around. equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: WHERE guid = :guidWebExtEvent actions should include a property "source", the id of the webextension that should receive the event.SELECT name FROM (SELECT * FROM sqlite_master UNION ALL SELECT * FROM sqlite_temp_master) WHERE type = 'table' AND name=?https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.bbc.co.uk/,https://www.ebay.co.uk/chrome://activity-stream/content/data/content/tippytop/images/bing-com@2x.svg equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: WHERE guid = :guidWebExtEvent actions should include a property "source", the id of the webextension that should receive the event.SELECT name FROM (SELECT * FROM sqlite_master UNION ALL SELECT * FROM sqlite_temp_master) WHERE type = 'table' AND name=?https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.bbc.co.uk/,https://www.ebay.co.uk/chrome://activity-stream/content/data/content/tippytop/images/bing-com@2x.svg equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: WHERE guid = :guidWebExtEvent actions should include a property "source", the id of the webextension that should receive the event.SELECT name FROM (SELECT * FROM sqlite_master UNION ALL SELECT * FROM sqlite_temp_master) WHERE type = 'table' AND name=?https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.bbc.co.uk/,https://www.ebay.co.uk/chrome://activity-stream/content/data/content/tippytop/images/bing-com@2x.svg equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.3821738602.0000015F223C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: s and allergies.","publisher":"NPR","raw_image_src":"https://npr.brightspotcdn.com/dims3/default/strip/false/crop/2084x1172+0+188/resize/1400/quality/100/format/jpeg/?url=http%3A%2F%2Fnpr-brightspot.s3.amazonaws.com%2F39%2Fc2%2Fa29587ed40d992936f92ef249c11%2Fap090817020267.jpg","received_rank":58,"recommended_at":1740488324320,"score":1},{"id":2423154678762477,"scheduled_corpus_item_id":"f7202d2c-d7bf-4209-abbf-0157b26dfc75","url":"https://www.wired.com/story/inside-the-telegram-groups-doxing-women-for-their-facebook-posts/?utm_source=firefox-newtab-en-us","title":"Inside the Telegram Groups Doxing Women for Their Facebook Posts","topic":"tech","excerpt":"In late January, a warning spread through the London-based Facebook group Are We Dating the Same Guy? equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3843361623.0000015F2160A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: (\|https://www.youtube.com/results equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: .com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3836381576.0000015F21CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4229775560.0000015F18B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3836381576.0000015F21CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4229775560.0000015F18B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4372473587.0000015F1CDCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3851295663.0000015F1EBAE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.twitter.com equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.4030846488.00000032F8C3A000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: ?www.youtube.com.mozilla.comla.net equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: CSV string of spoc placement counts on newtab Pocket grid. The count tells the ad server how many ads to return for this position and placement.https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Translations: The translations engine is disabled through the pref "browser.translations.simulateUnsupportedEngine".Downloader:downloadUpdate - Can't download with internal downloader from a background task. Cleaning up downloading update.UpdateManager:refreshUpdateStatus - Notifying observers that the update was staged. topic: update-staged, status: Store does not have a valid reducer. Make sure the argument passed to combineReducers is an object whose values are reducers.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://twitter.com/Retrouvez-le et rouvrez-le rapidement ici. Nous conservons un historique des onglets que vous avez r equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Translations: The translations engine is disabled through the pref "browser.translations.simulateUnsupportedEngine".Downloader:downloadUpdate - Can't download with internal downloader from a background task. Cleaning up downloading update.UpdateManager:refreshUpdateStatus - Notifying observers that the update was staged. topic: update-staged, status: Store does not have a valid reducer. Make sure the argument passed to combineReducers is an object whose values are reducers.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://twitter.com/Retrouvez-le et rouvrez-le rapidement ici. Nous conservons un historique des onglets que vous avez r equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Translations: The translations engine is disabled through the pref "browser.translations.simulateUnsupportedEngine".Downloader:downloadUpdate - Can't download with internal downloader from a background task. Cleaning up downloading update.UpdateManager:refreshUpdateStatus - Notifying observers that the update was staged. topic: update-staged, status: Store does not have a valid reducer. Make sure the argument passed to combineReducers is an object whose values are reducers.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://twitter.com/Retrouvez-le et rouvrez-le rapidement ici. Nous conservons un historique des onglets que vous avez r equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId:null}, ["blocking"]] equals www.rambler.ru (Rambler)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: at/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "*://s.webtrends.com/js/webtrends.min.js"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: at/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "*://s.webtrends.com/js/webtrends.min.js"], windowId:null}, ["blocking"]] equals www.rambler.ru (Rambler)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null} equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3684989566.0000015F1CEBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://example.com/browser/toolkit/components/shopping/test/browser/attribution.sjsjar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/features/formautofill@mozilla.org.xpi!/{"queryParams":["tt_content","tt_medium"],"topLevelSites":["www.twitch.tv","dev.twitch.tv"]}https://oldnavy.gap.com/?tid=onpn001929&kwid=1&ap=7&click_id=124458996643921920&mfadid=adm{"queryParams":["esrc","bxid","cndid","source","mbid"],"topLevelSites":["www.newyorker.com"]}https://example.com/browser/toolkit/components/shopping/test/browser/analysis_status.sjsbrowser.newtabpage.activity-stream.discoverystream.topicSelection.onboarding.lastDisplayedhttps://example.com/browser/toolkit/components/shopping/test/browser/reporting.sjsjar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/features/webcompat@mozilla.org.xpi!/moz-extension://be21c389-399c-46f3-9abb-152a8b4def2a/_generated_background_page.htmlmoz-extension://b893c493-7228-46af-bbab-e37fddd49526/_generated_background_page.html{"queryParams":["leadsource","sref","srnd"],"topLevelSites":["www.bloomberg.com"]}{"api_key_pref":"extensions.pocket.oAuthConsumerKey","collapsible":true,"enabled":true}{"queryParams":["qp","cvid","qs","form","sk","sc","sp"],"topLevelSites":["www.bing.com"]}jar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/features/screenshots@mozilla.org.xpi!/moz-extension://1ea88425-e180-4ffd-945e-79ec2028d514/_generated_background_page.html{"queryParams":["si","feature","kw"],"topLevelSites":["www.youtube.com","youtu.be"]}C:\Program Files\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi{"queryParams":["wprov"],"topLevelSites":["www.wikipedia.org","en.wikipedia.org"]}{"queryParams":["ref"],"topLevelSites":["www.cnn.co.jp","www.cnn.com","edition.cnn.com"]}Remote Settings "sync" event failed to download new record attachments for updated records.https://example.com/browser/toolkit/components/shopping/test/browser/recommendations.sjsC:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpiTake clips and screenshots from the Web and save them temporarily or permanently.moz-extension://9c0ea54c-f50b-498e-adae-14dbe69fb69f/_generated_background_page.htmlhttps://example.com/browser/toolkit/components/shopping/test/browser/analysis.sjs{"queryParams":["tracking","extid","mibextid"],"topLevelSites":["www.facebook.com"]} equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3684989566.0000015F1CEBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://example.com/browser/toolkit/components/shopping/test/browser/attribution.sjsjar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/features/formautofill@mozilla.org.xpi!/{"queryParams":["tt_content","tt_medium"],"topLevelSites":["www.twitch.tv","dev.twitch.tv"]}https://oldnavy.gap.com/?tid=onpn001929&kwid=1&ap=7&click_id=124458996643921920&mfadid=adm{"queryParams":["esrc","bxid","cndid","source","mbid"],"topLevelSites":["www.newyorker.com"]}https://example.com/browser/toolkit/components/shopping/test/browser/analysis_status.sjsbrowser.newtabpage.activity-stream.discoverystream.topicSelection.onboarding.lastDisplayedhttps://example.com/browser/toolkit/components/shopping/test/browser/reporting.sjsjar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/features/webcompat@mozilla.org.xpi!/moz-extension://be21c389-399c-46f3-9abb-152a8b4def2a/_generated_background_page.htmlmoz-extension://b893c493-7228-46af-bbab-e37fddd49526/_generated_background_page.html{"queryParams":["leadsource","sref","srnd"],"topLevelSites":["www.bloomberg.com"]}{"api_key_pref":"extensions.pocket.oAuthConsumerKey","collapsible":true,"enabled":true}{"queryParams":["qp","cvid","qs","form","sk","sc","sp"],"topLevelSites":["www.bing.com"]}jar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/features/screenshots@mozilla.org.xpi!/moz-extension://1ea88425-e180-4ffd-945e-79ec2028d514/_generated_background_page.html{"queryParams":["si","feature","kw"],"topLevelSites":["www.youtube.com","youtu.be"]}C:\Program Files\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi{"queryParams":["wprov"],"topLevelSites":["www.wikipedia.org","en.wikipedia.org"]}{"queryParams":["ref"],"topLevelSites":["www.cnn.co.jp","www.cnn.com","edition.cnn.com"]}Remote Settings "sync" event failed to download new record attachments for updated records.https://example.com/browser/toolkit/components/shopping/test/browser/recommendations.sjsC:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpiTake clips and screenshots from the Web and save them temporarily or permanently.moz-extension://9c0ea54c-f50b-498e-adae-14dbe69fb69f/_generated_background_page.htmlhttps://example.com/browser/toolkit/components/shopping/test/browser/analysis.sjs{"queryParams":["tracking","extid","mibextid"],"topLevelSites":["www.facebook.com"]} equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.3836381576.0000015F21CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4229775560.0000015F18B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/*2 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.linkedin.com/* equals www.linkedin.com (Linkedin)
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.linkedin.com/*8 equals www.linkedin.com (Linkedin)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wikipedia.org/url-classifier-skip-urlspartitioning-exempt-urlshttps://www.facebook.com/cryptomining-protection@mozilla.org/contentanalysis;1dom.beforeunload_timeout_msonExceptionListUpdateDOMAudioPlaybackBlockStartedBrowser:UnselectedTabHoveremailtracking-data-collectionunregisterExceptionListObserversearchURLPublicSuffixapplication/x-moz-nativehtmlmain/partitioning-exempt-urlsmain/url-classifier-skip-urlsBrowser:PurgeSessionHistoryKey must be non empty string.socialtracking-annotationonRemoteSettingsUpdateD_cancel/this._promiseCanceled< equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3836381576.0000015F21CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4229775560.0000015F18B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/Instantly translate any webpage text. Simply highlight the text, right-click to open the context menu, and choose a text or aural translation. equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/Instantly translate any webpage text. Simply highlight the text, right-click to open the context menu, and choose a text or aural translation. equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/chrome://activity-stream/content/data/content/tippytop/images/duckduckgo-com@2x.svg equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/chrome://activity-stream/content/data/content/tippytop/images/duckduckgo-com@2x.svg equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.leboncoin.fr/,https://twitter.com/chrome://activity-stream/content/data/content/tippytop/images/google-com@2x.png equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.leboncoin.fr/,https://twitter.com/chrome://activity-stream/content/data/content/tippytop/images/google-com@2x.png equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.leboncoin.fr/,https://twitter.com/chrome://activity-stream/content/data/content/tippytop/images/google-com@2x.png equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/results equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/resultsisInPrivateBrowsingModelse,removeFormHistoryEntry/<all"removeFormHistoryEntry/result<o_onMessageGetEngine/<":tru5? equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: k", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null} equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: s and allergies.","publisher":"NPR","raw_image_src":"https://npr.brightspotcdn.com/dims3/default/strip/false/crop/2084x1172+0+188/resize/1400/quality/100/format/jpeg/?url=http%3A%2F%2Fnpr-brightspot.s3.amazonaws.com%2F39%2Fc2%2Fa29587ed40d992936f92ef249c11%2Fap090817020267.jpg","received_rank":58,"recommended_at":1740488324320,"score":1},{"id":2423154678762477,"scheduled_corpus_item_id":"f7202d2c-d7bf-4209-abbf-0157b26dfc75","url":"https://www.wired.com/story/inside-the-telegram-groups-doxing-women-for-their-facebook-posts/?utm_source=firefox-newtab-en-us","title":"Inside the Telegram Groups Doxing Women for Their Facebook Posts","topic":"tech","excerpt":"In late January, a warning spread through the London-based Facebook group Are We Dating the Same Guy? equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F1866D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4354430317.0000015F1C793000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4336878100.0000015F1C303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3794998181.0000015F217BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3851295663.0000015F1EBAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3775259414.0000015F217BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.twitter.com equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000002.4354430317.0000015F1C793000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4030846488.00000032F8C3A000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4336878100.0000015F1C303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F1866D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4431618000.0000015F1D985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com5 equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000002.4372473587.0000015F1CDCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.3684989566.0000015F1CEBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {"queryParams":["si","feature","kw"],"topLevelSites":["www.youtube.com","youtu.be"]} equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.3684989566.0000015F1CEBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {"queryParams":["tracking","extid","mibextid"],"topLevelSites":["www.facebook.com"]} equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: r10.o.lencr.org
Source: global traffic	DNS traffic detected: DNS query: a1887.dscq.akamai.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: merino.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: o.pki.goog
Source: global traffic	DNS traffic detected: DNS query: firefox-settings-attachments.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: attachments.prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: pki-goog.l.google.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net

Source: unknown

HTTP traffic detected: POST /api/v1/curated-recommendations HTTP/1.1Host: merino.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, br, zstdcontent-type: application/jsonContent-Length: 44Connection: keep-alivePriority: u=4

Source: firefox.exe, 0000000D.00000003.4000678717.0000015F21C84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4384534141.0000015F1CF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.4002110784.0000015F21BB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3999708471.0000015F21CAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4111312186.0000015F17CCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4336878100.0000015F1C303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://http://https://ftp://www.mailto::///./MFUGedcom-SEX-MGedcom-SEX-FGedcom-SEX-U0123Gedcom-QUAY-
Source: Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000009C8000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://json-schema.org/draft-03/schema#
Source: firefox.exe, 0000000D.00000003.3613301270.0000015F1D595000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3613181283.0000015F1D5A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3602247275.0000015F1A7CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3614509576.0000015F1D50B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3608392865.0000015F1C886000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3936453127.0000015F1CA95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3614823874.0000015F1D4EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4328531180.0000015F1B063000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3602247275.0000015F1A7D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3851295663.0000015F1EBAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3608392865.0000015F1C859000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4336878100.0000015F1C303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3614244916.0000015F1D521000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3613501257.0000015F1D57E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3613830151.0000015F1D552000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4291336997.0000015F19803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3853654266.0000015F1EB31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3614823874.0000015F1D4F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0L
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.0000000000FCD000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://tile.stamen.com/terrain-backgroundU
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.ahnenblatt.com
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.ahnenblatt.de
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2771525361.00000000019E4000.00000008.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.ahnenblatt.de/handbuecheropenhttp://www.ahnenblatt.com/manualsDateFormatDiffersFromOSPrin
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.ahnenblatt.deopenhttp://www.ahnenblatt.comopenhttp://www.ahnenblattportal.deopenhttp://ww
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.ahnenblattportal.de
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.ahnenblattportal.de/index.php?c=10&language=english
Source: Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000018BB000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000018BB000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.color.org
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000000961000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.0000000000FCD000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.indyproject.org/
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D5B9000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.0000000005080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.info-zip.org/
Source: firefox.exe, 0000000D.00000003.3613301270.0000015F1D595000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3613501257.0000015F1D574000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4349022328.0000015F1C684000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4410263056.0000015F1D585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4321729366.0000015F1A843000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4328531180.0000015F1B063000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4349022328.0000015F1C603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3613830151.0000015F1D549000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3613501257.0000015F1D56B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3613501257.0000015F1D57E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3853654266.0000015F1EB31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.tmssoftware.com
Source: Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.topografix.com/GPX/1/1
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.topografix.com/GPX/1/1/gpx.xsd
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.vmware.com/0
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.vmware.com/0/
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.0000000001943000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.wptools.de
Source: firefox.exe, 0000000D.00000003.4002110784.0000015F21BBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3841266556.0000015F2188B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21BB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3843361623.0000015F2161D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 0000000D.00000003.4002110784.0000015F21BBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3841266556.0000015F2188B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21BB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3843361623.0000015F2161D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: more.com, 00000003.00000002.2859762402.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2853800438.0000000002EC9000.00000002.00000001.01000000.00000000.sdmp	String found in binary or memory: https:///Themes/exodus/Seed/test.htmlexodus.exe/Themes/exodus/test2.html/finished/ledger.html/finish
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://360.yandex.com/mail/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712066234.0000015F22488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://a1.espncdn.com/combiner/i?img=%2Fphoto%2F2025%2F0220%2Fr1454518_2_1296x729_16%2D9.jpg
Source: firefox.exe, 0000000D.00000003.3665654823.0000015F217EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3673047065.0000015F217EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.search.naver.com/nx/ac
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.proton.me/mail/
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/en-US/firefox/collections/4757633/25c2b44583534b3fa8fea977c419cd/?page=1&
Source: firefox.exe, 0000000D.00000003.3892876758.0000015F217EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3942602510.0000015F1CAC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3895903390.0000015F20E22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3828173998.0000015F225CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4404147870.0000015F1D4BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3942602510.0000015F1CAD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3899949318.0000015F217EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3937877990.0000015F17BE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3905115973.0000015F1845F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3901031512.0000015F20E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/en-US/firefox/collections/4757633/b4d5649fb087446aa05add5f0258c3/?page=1&
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4037691955.0000008873C70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.mozilla.org/
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://api.geoapify.comU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://api.ipstack.comU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://api.mapbox.comU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://api.openrouteservice.orgU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.000000000160F000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://api.tiles.mapbox.com/mapbox-gl-js/
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015ED000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://api.tomtom.com/maps-sdk-for-web/cdn/6.x/6.25.0/maps/maps-web.min.jsU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015ED000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://api.tomtom.com/maps-sdk-for-web/cdn/6.x/6.25.0/maps/maps.css
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015ED000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://api.tomtom.com/style/1/style/21.1.0-
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://api.tomtom.comU
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apnews.com/article/beyond-gates-new-soap-opera-black-representation-5b38d5f11c787e7bdd3dfaf3
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712435830.0000015F21D42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apnews.com/article/johnson-trump-republicans-budget-vote-tax-cuts-4cb74ca15f6a74a7344355e450
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.neo.space/mail/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://arstechnica.com/gadgets/2025/02/psa-amazon-kills-download-transfer-via-usb-option-for-kindle
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712254166.0000015F22484000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://assets-prd.ignimgs.com/2024/08/29/james-bond-26-director-1724932738070.png?width=1280
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://assets.bwbx.io/images/users/iqjWHBFdfxIU/i85K4pYQdbEY/v3/1200x800.jpg
Source: firefox.exe, 0000000D.00000002.4060803710.0000015F10921000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/133.0/20241121140525/WINNT_x86_64-msvc-x64/en-US/release/W
Source: firefox.exe, 0000000D.00000003.3672773222.0000015F217B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3675019753.0000015F1D036000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3665654823.0000015F217EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3674575820.0000015F1D03A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3688903848.0000015F1D069000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3673047065.0000015F217EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3675253561.0000015F1D01F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3671247982.0000015F2179E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3690567759.0000015F21229000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3665654823.0000015F21778000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3689637684.0000015F21239000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3676077581.0000015F1D028000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3846599624.0000015F211E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3689637684.0000015F2120C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3674298551.0000015F1D057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://autosug.ebay.com/autosug
Source: firefox.exe, 0000000D.00000003.3848639938.0000015F210D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bn.U
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4321729366.0000015F1A834000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=1.0.0&encp=HF3vIpkY7RcdjpkX4ZfZ4Z2W4CfrfCHX7ncqjna
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F1885A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3966175611.0000015F1840B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=1.0.0&encp=jnEYxmwVJQkX5QbUftINI%3DwqgC8nxGEkgClr4
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F1885A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3966175611.0000015F1840B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=1.0.0&encp=jnEYxmwVJQkX5QbUftINI%3DwqgCfnxGEkgClr4
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4321729366.0000015F1A834000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=1.0.0&encp=HF3vIpkX7RcdjpkX4ZfZ4Z2W4CfrfCHX7ncqjnaz7nIZgGeY
Source: firefox.exe, 0000000D.00000003.3853916816.0000015F1C7DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ca-times.brightspotcdn.com/dims4/default/31f5447/2147483647/strip/true/crop/5744x3016
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.000000000160F000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://cdn.apple-mapkit.com/mk/5.x.x/mapkit.jsU
Source: Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015FF000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://cdn.jsdelivr.net/npm/ol
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.0000000001607000.00000020.00000001.01000000.00000007.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015E8000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://cdn.mapmarker.io/api/v1/pin?text=P&size=50&hoffset=1
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.outsideonline.com/wp-content/uploads/2025/02/NPS-1024x576.jpg
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3685583621.0000015F1CEA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3700326117.0000015F21DE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://click.validclick.net/rdr2.php?aff=mozilla&q=esim&cmp=95541&subid=1&url=https://www.dell.com/
Source: firefox.exe, 0000000D.00000002.4060803710.0000015F10921000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://dev.virtualearth.netU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://download.tmssoftware.com/doc/U
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://download.tmssoftware.com/doc/tmsfnccore/components/ttmsfncwebbrowserU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.000000000160F000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://download.tmssoftware.com/doc/tmsfncmaps/U
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://download.tmssoftware.com/doc/tmsfncmaps/components/ttmsfncmaps/#ttmsfncdirectionsU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://download.tmssoftware.com/doc/tmsfncmaps/components/ttmsfncmaps/#ttmsfncgeocodingU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://download.tmssoftware.com/doc/tmsfncmaps/components/ttmsfncmaps/#ttmsfnclocationU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://download.tmssoftware.com/doc/tmsfncmaps/components/ttmsfncmaps/#ttmsfncroutecalculatorU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://download.tmssoftware.com/doc/tmsfncuipack/components/ttmsfnchintU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.000000000160F000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://download.tmssoftware.com/webgmaps/firebug/firebug-lite.js#startOpened
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 0000000D.00000003.3665654823.0000015F217EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://eudict.com/
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000000961000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000009C8000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://familygraph.myheritage.com/matchingrequest-8
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000003.3828173998.0000015F225CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4111312186.0000015F17CCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3983113234.0000015F225D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net
Source: firefox.exe, 0000000D.00000003.3828173998.0000015F225CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3866294529.0000015F212EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3983113234.0000015F225D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/100a978d-83ff-4b11-886
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/173414e1-81f7-4612-b86
Source: firefox.exe, 0000000D.00000003.3985203022.0000015F223CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3895903390.0000015F20E22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3895001417.0000015F20E37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/347f7fa0-10c2-4150-a0a
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/349cc073-a414-4640-9dc
Source: firefox.exe, 0000000D.00000003.3828173998.0000015F225CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4125006961.0000015F17D6E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F18663000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4404147870.0000015F1D4BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3899949318.0000015F217EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3983113234.0000015F225D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3684989566.0000015F1CEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3905115973.0000015F1845F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3901031512.0000015F20E26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4384534141.0000015F1CFD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/6d15f99b-4ba8-49ba-b03
Source: firefox.exe, 0000000D.00000003.3868273215.0000015F209D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3998168609.0000015F21EFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3883881332.0000015F224A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4396657074.0000015F1D36F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3942950985.0000015F2241C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3868273215.0000015F209BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3892527222.0000015F209BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3905520249.0000015F21D13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000000D.00000003.3895903390.0000015F20E22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/ca9d2b72-2a14-47cf-9e2
Source: firefox.exe, 0000000D.00000003.3895903390.0000015F20E22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/e19fdf53-f972-4aa2-a84
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/e4fd7d61-c283-4788-bea
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/e7da4d9e-79e8-41b5-b55
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/10e23599-85
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3993536681.0000015F1CA94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4404147870.0000015F1D443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/13495d0e-f9
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/32531fc6-1e
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/45ecab20-ff
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/5344443f-f4
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/56a7f3ae-70
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3992865032.0000015F1CAA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/6b8eb3cf-f2
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/6bf5c4ac-f5
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/966b18ad-37
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/a205885e-19
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/a5a041de-92
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3992865032.0000015F1CAA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/af6073d2-cb
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/bd424c86-63
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/becfadf4-4c
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/d357925c-b9
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/d8b71c77-99
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/d9289c5b-8c
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/dfd3762e-f7
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3993536681.0000015F1CA94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4404147870.0000015F1D443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/e1108381-5c
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3993536681.0000015F1CA94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/e94b1e49-c5
Source: firefox.exe, 0000000D.00000003.3828173998.0000015F225CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3983113234.0000015F225D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net5https://firefox-settings-attachments.cdn.mozill
Source: firefox.exe, 0000000D.00000002.4125006961.0000015F17D9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4410263056.0000015F1D503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 0000000D.00000002.4111312186.0000015F17C69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4229775560.0000015F18BBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3866294529.0000015F212EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4229775560.0000015F18B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.000000000160F000.00000020.00000001.01000000.00000007.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:200
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://food52.com/blog/28702-neiman-marcus-cake-trending-gooey-butter?utm_source=firefox-newtab-en-
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://geocode.search.hereapi.comU
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/10-famous-book-hoarders?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712066234.0000015F22488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/11-simple-ways-to-improve-your-memory?utm_source=firefox-newtab-e
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/3-refreshing-nonalcoholic-drinks-you-can-make-with-pantry-finds?u
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/5-questions-the-most-interesting-people-will-always-ask-in-conver
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/8-cool-bookstores-and-libraries-you-can-spend-the-night-in?utm_so
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/a-century-in-motion-how-stop-motion-films-went-from-obscure-creat
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/a-theory-of-reality-as-more-than-the-sum-of-its-parts?utm_source=
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/america-s-loneliest-roads-mapped?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/best-fast-growing-shrubs-15-bright-and-beautiful-varieties?utm_so
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/dawn-dish-soap-surprising-uses-23269453?utm_source=firefox-newtab
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/designers-and-statisticians-disagree-on-what-makes-a-good-informa
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/different-songs-for-different-days-why-it-s-important-to-actively
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/does-foam-rolling-actually-do-any-good?utm_source=firefox-newtab-
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/english-is-not-normal?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/he-made-his-greek-mom-a-tiktok-star-when-she-died-he-kept-cooking
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/how-pink-salt-took-over-millennial-kitchens?utm_source=firefox-ne
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/how-the-geometry-of-ancient-habitats-may-have-influenced-human-br
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/how-to-build-a-sustainable-running-training-plan?utm_source=firef
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/how-to-clean-a-microwave-inside-and-out?utm_source=firefox-newtab
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/how-to-refinish-a-table-in-5-steps-it-s-actually-easy?utm_source=
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/how-to-see-the-morocco-most-tourists-don-t?utm_source=firefox-new
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/how-we-misunderstand-anxiety-and-miss-out-on-its-benefits?utm_sou
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/if-you-re-going-to-put-your-preschooler-in-front-of-a-screen-choo
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/inside-the-world-of-investigators-who-know-you-ve-faked-your-deat
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/no-one-wants-to-pay-25-for-breakfast-us-restaurants-are-cracking-
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/slayer-striker-shooter-and-the-rise-of-the-extreme-baby-boy-name?
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/staying-up-all-night-rewires-our-brains-this-could-be-key-to-solv
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-10-best-pilates-exercises-to-do-every-day-according-to-traine
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-fascinating-anatomy-of-the-presidential-motorcade?utm_source=
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-misery-of-company?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712066234.0000015F22488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-obsessive-life-and-mysterious-death-of-the-fisherman-who-disc
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-truth-about-hydration-should-you-drink-eight-glasses-of-water
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/what-does-it-mean-when-you-talk-in-your-sleep?utm_source=firefox-
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/what-the-tip-of-the-t
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/what-the-tip-of-the-tongue-phenomenon-says-about-cognitive-aging?
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/why-doing-good-makes-it-easier-to-be-bad?utm_source=firefox-newta
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/why-we-all-need-sisu-the-finnish-concept-of-action-and-creativity
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/you-re-holding-your-phone-wrong?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3686584248.0000015F1CECE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3684989566.0000015F1CEBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000000D.00000003.3686584248.0000015F1CECE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabfx-view-discoverability-split-button-option2-la
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3684989566.0000015F1CEBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 0000000D.00000003.3686584248.0000015F1CECE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3684989566.0000015F1CEBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/ratioSample/ratioTotal
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://grist.org/accountability/why-some-starbucks-locations-are-switching-from-plastic-to-paper-cu
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://grist.org/wp-content/uploads/2025/02/starbucks-cups.jpg?quality=75&strip=all
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hbr.org/2025/02/how-to-get-hired-when-ai-does-the-screening?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4060803710.0000015F10921000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/8141aab3ba856d7cbae6c851dd71f2e0cb69649c
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.cbc.ca/1.7462971.1739991690
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ichef.bbci.co.uk/images/ic/1920xn/p0kssjb9.jpg.webp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ichef.bbci.co.uk/news/1536/cpsprodpb/e6cc/live/c4d5bc00-f07b-11ef-8c03-7dfdbeeb2526.jpg.webp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://image.cnbcfm.com/api/v1/image/108104518-17399901472024-08-14t020733z_1546528781_rc29f9a01urx
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://images.axios.com/QXvo4NCLqBqqpKJ8K1FhcyowrUc=/0x0:1600x900/1366x768/2025/02/23/1740327542921
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://images.fastcompany.com/image/upload/f_webp
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/96x96/filters:format(jpeg):quality(60):no_upscale():strip_exif
Source: firefox.exe, 0000000D.00000003.3983852366.0000015F22562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2F0a396ff8c
Source: firefox.exe, 0000000D.00000002.4354430317.0000015F1C77F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F18663000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2F71cbdf53b
Source: firefox.exe, 0000000D.00000003.3983852366.0000015F22562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4308600882.0000015F1A564000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2Fa1d4a7dfd
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3685583621.0000015F1CEA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3700326117.0000015F21DE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2Faceae32ef
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712254166.0000015F22484000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img.huffingtonpost.com/asset/67a234711600002600afeeb9.jpeg?cache=MLbgBW9q7K&ops=1200_630
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712066234.0000015F22488000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img.huffingtonpost.com/asset/67abb8441d000027003b5d68.jpeg?cache=FmwvZlkGzw&ops=1200_630
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4321729366.0000015F1A834000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkXfQ2k4CL%2B1CHm4pf%2BfQl%2BfQbnj9wWIBdvIpkY7n4YIFc
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000000D.00000002.4303704238.0000015F19923000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://insights.smartasset.com/financial-advisor-secrets?utm_source=pocket&utm_campaign=poc__falc_c
Source: firefox.exe, 0000000D.00000003.3848639938.0000015F210D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ja.5
Source: firefox.exe, 0000000D.00000003.3848639938.0000015F210D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ja.wikipedi
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015D8000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://js.api.here.com/v3/3.1.54.0/mapsjs-core.js
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015D8000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://js.api.here.com/v3/3.1.54.0/mapsjs-harp.jsU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015D8000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://js.api.here.com/v3/3.1.54.0/mapsjs-mapevents.js
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015D8000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://js.api.here.com/v3/3.1.54.0/mapsjs-service.js
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015D8000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://js.api.here.com/v3/3.1.54.0/mapsjs-ui.css
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015D8000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://js.api.here.com/v3/3.1.54.0/mapsjs-ui.js
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://kalender.digital/
Source: firefox.exe, 0000000D.00000003.3848639938.0000015F210D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ko.U
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://kolabnow.com/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lifehacker.com/home/ways-youre-ruining-your-house-without-realizing-it?utm_source=firefox-ne
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://live365.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.aol.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3982909490.0000015F225E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/
Source: firefox.exe, 0000000D.00000003.3686584248.0000015F1CECE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4303704238.0000015F19903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3684989566.0000015F1CEBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000000D.00000003.3686584248.0000015F1CECE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sDidn
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mailfence.com/
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000015D8000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://maps.googleapis.com/maps/api/js?&key=
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://maps.googleapis.comU
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://media-cldnry.s-nbcnews.com/image/upload/t_nbcnews-fp-1200-630
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://media.newyorker.com/photos/67b909b21be45180a325c729/16:9/w_1280
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://media.wired.com/photos/67b346a7dae97853c49789b8/191:100/w_1280
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://media.wired.com/photos/67b5aef62aa42830e36f6097/191:100/w_1280
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://media.wired.com/photos/67b7c6f09df55ef804b54ee4/191:100/w_1280
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mediaproxy.salon.com/width/1200/https://media2.salon.com/2025/02/freezing_your_credit_card_f
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4410263056.0000015F1D585000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4410263056.0000015F1D598000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/curated-recommendations
Source: firefox.exe, 0000000D.00000002.4111312186.0000015F17C69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mozilla-hub.atlassian.net/browse/SDK-405
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navigator-bs.gmx.com/mail/
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://nominatim.openstreetmap.orgU
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://npr.brightspotcdn.com/dims3/default/strip/false/crop/2084x1172
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://npr.brightspotcdn.com/dims3/default/strip/false/crop/3000x1688
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://open.spotify.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/
Source: firefox.exe, 0000000D.00000002.4303704238.0000015F19923000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://partners.thepennyhoarder.com/nice-companies-ff-prt/?aff_id=342&utm_source=firefox&utm_medium
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://platform.polygon.com/wp-content/uploads/sites/2/2025/02/madden.jpg?quality=90&strip=all&crop
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://platform.vox.com/wp-content/uploads/sites/2/2025/02/GettyImages-2126123274.jpg?quality=90&st
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://platform.vox.com/wp-content/uploads/sites/2/2025/02/anger-v3.jpg?quality=90&strip=all&crop=0
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://posteo.de/en/
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://power1051.iheart.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://proton.me/de/calendar/
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://revgeocode.search.hereapi.comU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://router.hereapi.comU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://routes.googleapis.comU
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://runbox.com/
Source: firefox.exe, 0000000D.00000003.3983852366.0000015F22562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.zkcdn.net/Advertisers/0a396ff8cc8d4514a09ef5ddd1315f1f.png
Source: firefox.exe, 0000000D.00000002.4354430317.0000015F1C77F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F18663000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.zkcdn.net/Advertisers/71cbdf53bab54a6a9a97b5b9b8c07a10.jpg
Source: firefox.exe, 0000000D.00000003.3983852366.0000015F22562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4308600882.0000015F1A564000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.zkcdn.net/Advertisers/a1d4a7dfdc9c4929a37c730fe231663d.png
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3685583621.0000015F1CEA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3700326117.0000015F21DE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.zkcdn.net/Advertisers/aceae32efe5d419dbb72556f97f465e3.png
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/18f638e2-6b54-4a27-a2b7-9b5c337d5c1c.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/216b4632-7dd6-4583-836f-b65a2cb6c723.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/2cbe8638-2d0c-4c46-8ba4-11cffbcfe1dd.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/43c8bd44-0b76-4962-9d75-c7a7190b190c.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/4b36a91c-0703-4545-a7a8-29e2d383a799.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/5b2957a5-66b1-4799-92aa-48b4575134e2.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/645b5fa2-7a76-477d-8c6f-c5aa6b7ac12f.jp
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/68a0cd48-ec2e-4d33-835d-195f49f9b7e7.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/742bba78-a8e6-43a0-8830-265d18e1c19f.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/74d31c0e-b7c7-437d-a40e-9251b1f64345.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712066234.0000015F22488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/7dc3cbea-c3ec-456c-97fe-60b55f8fc633.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/a12e8eba-faee-43ee-bf4f-5d12d7280c98.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/b5508c9f-41bd-438b-9a1c-9e1b79f73032.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/b6695560-d2fc-496e-84d7-93f899fbecb4.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712066234.0000015F22488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/ca3cd434-6592-4f5a-bb34-0da713ebfb48.jp
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/db1947b6-b844-4100-9556-1562d98ee4cb.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/df83457f-72a1-46bf-bb96-12677e9b037a.jp
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/e51df83a-7597-4a8d-bce2-d0df0a8606f1.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/f057197e-a121-413a-b38a-698dcca5e09b.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/f3affeb7-85e5-499b-b1ca-b0af842c7412.jp
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/fd7e665a-4098-4647-95c0-2b186722fa25.jp
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/007f97f3-8957-4fbe-8358-fbf08
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/037efc09-429d-42b7-acfd-90be1
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/038ab993-3b63-4122-b4c4-aa5b8
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712066234.0000015F22488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/1077a77f-06df-4176-b114-a5b8a
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/13cc1abb-93df-4b58-97d1-4e01b
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/202f474c-ac5d-419d-9ed7-cbdb3
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/243078e6-5b29-4a6b-9b3e-9aa09
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/27eb5cde-b050-49a2-b23b-5ecb3
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/28d41af5-0d7c-4d14-8b6d-390d9
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/2ebb81f7-939a-488a-b000-36f25
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/2f3ab272-1c3c-4fa3-b0f7-a2c71
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/33de5d36-032d-4cd8-a41e-3a901
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/36036b7a-7beb-4a40-94b6-9da80
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/394a3f93-b24b-4c42-aa0d-eeb75
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/3b9e6df6-090f-406a-9bd7-a7072
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/3e4d6261-5be1-4028-8596-5b0e6
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/4386384b-058b-40c1-92b8-c1a6e
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712254166.0000015F22484000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/4958bd68-660e-44c7-83aa-1f4ac
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/51ea5c00-ea38-431a-8e9f-75b61
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/52911255-dbdb-44ab-97dd-ef6fa
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/5500040b-cd64-4d1b-8ae3-7c45d
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/5ca3d9b2-3c83-4e87-b836-6debc
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/61f9abd4-496e-4dd4-bbba-36f50
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/71e6ec78-bf6a-4f6b-9ae4-3d263
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/726e1085-e7a6-4e4b-a774-24d87
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/7780f503-c7a6-4943-9960-85fb2
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/799e08b4-ed3b-40c1-afde-446a6
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/7d971a58-aad0-410a-93a8-dcd83
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/8801ab31-e719-4913-893e-0a19f
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/8b401fd2-2939-46ee-b9fe-2444a
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/8f47eba9-6798-44a3-98ef-31a12
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/92913186-a83b-437d-90c5-ca508
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712435830.0000015F21D42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/964eb57c-f6c8-4a6c-8bf6-98783
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/9a699cc4-ade9-4246-81d9-b33b7
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/a1253254-b3a3-4ce4-85bb-1db48
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/a5e89b46-ac3d-483f-9833-9ecb5
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712254166.0000015F22484000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/a84dd4e0-7d00-4430-a7fe-dcb0a
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/b580b395-c07f-48f2-b2cc-1598c
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/b5e00f45-49fb-4c1a-8159-11b16
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/b6232aae-d745-4453-8dc1-ca337
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/b6d51c80-5f09-4ed4-998c-a9ec6
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/b989fc20-f151-4403-a26a-0a7d9
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/cbda2b16-b493-4998-b4dd-47aca
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712435830.0000015F21D42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/cfb873cb-2e2b-41da-abd8-e623d
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712435830.0000015F21D42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/dcbbaa1f-c795-4b02-8f15-aaba2
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/ddcc14bd-29ec-4f37-8fce-f547b
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/efff021b-c644-4077-b754-36852
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/f8a7c59a-080f-407d-ae6b-7cef1
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F1885A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=
Source: firefox.exe, 0000000D.00000003.3686584248.0000015F1CECE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/featureUpdate:newtabSpocsCache
Source: firefox.exe, 0000000D.00000003.3686584248.0000015F1CECE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/featureUpdate:newtabSpocsCacheexperimental-features-media-jxlfeature
Source: firefox.exe, 0000000D.00000003.3665654823.0000015F217EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.naver.com/search.naver
Source: firefox.exe, 0000000D.00000003.3613181283.0000015F1D5A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://searchfox.org/mozilla-central/rev/560b7b1b17/browser/themes/shared/tabs.css#624
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4303704238.0000015F19903000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://secure.creditmaven.com/50/14915?campaign=FF-SOV03-CompareCredit-Broad&creative=AmericanSuitG
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sf.eater.com/2025/2/21/24368795/fruit-coffee-san-francisco-bay-area-trend?utm_source=firefox
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=133.0&pver=2.2Deferred
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://slate.com/culture/2025/02/parker-posey-the-white-lotus-dazed-and-confused-scream-movies-care
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://slate.com/news-and-politics/2025/02/elon-musk-donald-trump-federal-workers-project-2025.html
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712254166.0000015F22484000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://slate.com/technology/2025/02/2024-election-nonwhite-voters-misinformation-propaganda-univisi
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sohoradiolondon.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://soverin.net/mail/
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F1885A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4372473587.0000015F1CDCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static01.nyt.com/images/2025/02/23/multimedia/22Workfriend-qcvb/22Workfriend-qcvb-facebookJu
Source: firefox.exe, 0000000D.00000003.3675019753.0000015F1D036000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3689637684.0000015F2120C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://suggestplugin.gmx.co.uk/s
Source: firefox.exe, 0000000D.00000003.3853579064.0000015F1EB44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4410263056.0000015F1D5E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/133.0/WINNT/en-US/
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/133.0/WINNT/en-US/new-tab
Source: firefox.exe, 0000000D.00000003.3904513017.0000015F1D7E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/ai-chatbot
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://thereader.mitpress.mit.edu/a-history-of-cryptography-from-the-spartans-to-the-fbi/?utm_sourc
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.0000000001607000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://tile.openstreetmap.org/
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4321729366.0000015F1A834000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tiles-cdn.prod.ads.prod.webservices.mozgcp.net/CAP5k4gWqcBGwir7bEEmBWveLMtvldFu-y_kyO3txFA=.
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tiles-cdn.prod.ads.prod.webservices.mozgcp.net/hhD5NlAKiX_RmvDdhs27t7JH_hPBOvJmQAw0Un5vEQs=.
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://time.com/7260357/aging-workforce/?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://time.com/7260443/demi-moore-oscar-nomination-career/?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://time.com/7261243/dan-bongino-fbi-podcaster/?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://titan.email/
Source: firefox.exe, 0000000D.00000002.4303704238.0000015F19923000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://try.appsumo.com/?utm_source=firefox&utm_medium=cpc&utm_campaign=FF-Buy-Prospect-Evergreen-Mi
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tunein.com/radio/home/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tuta.com/
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4390163658.0000015F1D0B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3836381576.0000015F21CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3846599624.0000015F211E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4229775560.0000015F18B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: Ahnenblatt4.exe, 00000002.00000000.2750365054.0000000001607000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://unpkg.com/leaflet
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712435830.0000015F21D6E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3836381576.0000015F21CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3993536681.0000015F1CA94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4259835018.0000015F19614000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3992865032.0000015F1CAA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/a-close-up-of-a-cell-phone-with-a-blurry-background-uuNCR2NpiNE
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3992865032.0000015F1CAA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/a-red-panda-yawns-in-a-tree-ERm7haDBW8k
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3992865032.0000015F1CAA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/aerial-photo-of-brown-moutains-JgOeRuGD_Y4
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/birds-eye-view-photography-of-mountain-Qw3w0oBH63s
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/brown-and-white-fox-fJyO0eo6_aI
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/brown-and-white-fox-on-green-grass-field-during-daytime-SLOm_cfWTT4
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/cloudy-sky-8P-uQaTd8rw
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3993536681.0000015F1CA94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/lightning-strike-under-cloudy-sky-WLGHjbC0Cq4
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/mountain-covered-with-snow-under-white-clouds-si8OYpuLVBY
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712435830.0000015F21D6E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/northern-lights-over-snow-capped-mountian-LtnPejWDSAY
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/red-panda-on-snow-covered-ground-during-daytime-DWpR-BpKlw0
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/seashore-DA_tplYgTow
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://unsplash.com/photos/seashore-during-golden-hour-KMn4VEeEPR8
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vintagefm.com.au/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webmail.countermail.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://worldwidefm.net/
Source: firefox.exe, 0000000D.00000003.3983852366.0000015F22562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4303704238.0000015F19903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4308600882.0000015F1A564000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ww55.affinity.net/sssdomweb?enk=615ecace6a3595ad020f9474bd23f60e3f73697b86ff155204b57785384a
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.404media.co/content/images/size/w1200/2025/02/image4-1.jpg
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.404media.co/scientists-discover-ancient-farms-in-the-deep-sea/?utm_source=firefox-newtab
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.Pinterest.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.TikTok.com/
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.accuradio.com/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.afar.com/magazine/from-babymoons-to-retirementmoons-moon-travel-is-trending?utm_source=f
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_8b81d0b27dd75696980e23cdcb7b5093baaba24c0cf88950
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.any.do/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.axios.com/2025/02/24/ukraine-russia-war-territory-map-caslualties?utm_source=firefox-new
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.balamii.com/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.com/future/article/20250221-fatal-attraction-why-your-most-attractive-qualities-can-
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.com/news/articles/c4g0dv7rxxvo?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4321729366.0000015F1A834000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/misc/deal-of-the-day/pcmcat248000050016.c?id=pcmcat1563299784494&ref=21
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bloomberg.com/opinion/articles/2025-02-19/trump-s-insistence-ukraine-has-rare-earth-elem
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.calendar.com/
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cbc.ca/news/canada/montreal/montreal-snow-removal-blower-sicard-1.74
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cbc.ca/news/canada/montreal/montreal-snow-removal-blower-sicard-1.7462967?utm_source=fir
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712435830.0000015F21D42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cbsnews.com/news/musk-federal-workers-another-chance-justify-jobs/?utm_source=firefox-ne
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cinemix.us/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cnbc.com/2025/02/23/westinghouse-sees-path-to-building-big-nuclear-reactors-more-cheaply
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cnbc.com/2025/02/24/heres-why-trump-tariffs-may-raise-your-car-insurance-premiums.html?u
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cozi.com/
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dublab.com/
Source: firefox.exe, 0000000D.00000003.3665654823.0000015F217EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3673047065.0000015F217EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.at/sch/
Source: firefox.exe, 0000000D.00000003.3665654823.0000015F217EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3673047065.0000015F217EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.ch/sch/
Source: firefox.exe, 0000000D.00000003.3675019753.0000015F1D036000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3846599624.0000015F211E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3689637684.0000015F2120C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.fr/sch/
Source: firefox.exe, 0000000D.00000003.3672773222.0000015F217B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3665654823.0000015F21778000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.nl/sch/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712066234.0000015F22488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.espn.com/college-sports/story/_/id/43938472/olivia-livvy-dunne-lsu-gymnastics-ncaa-nil?u
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.fastcompany.com/91281983/jeff-bezos-personal-brand-slump-blue-origin-layoffs?utm_source=
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.fastcompany.com/91282280/3-lessons-the-military-taught-me-about-leadership?utm_source=fi
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.googleapis.comU
Source: firefox.exe, 0000000D.00000002.4354430317.0000015F1C77F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F18663000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hear.com/d/best_hearing_aids_dis01/?act=ACT0000075547ACT
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712066234.0000015F22488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.huffpost.com/entry/doctors-reveal-the-unexpected-cough-remedy-that-kicks-in-asap-goog_l_
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.huffpost.com/entry/whats-the-difference-between-50-jeans-and-500-jeans_l_67b751f8e4b0514
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712254166.0000015F22484000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.huffpost.com/entry/youve-heard-of-fomo-but-what-is-fobo-heres-how-to-spot-this-damaging-
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.icloud.com/calendar/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.icloud.com/mail/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712435830.0000015F21D42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ign.com/articles/amazon-boss-jeff-bezos-asks-who-fans-would-pick-as-the-next-james-bond-
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iheart.com/
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.jango.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.kalender.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.kcrw.com/music/shows/eclectic24/
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.kexp.org/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.latimes.com/entertainment-arts/tv/story/2025-02-21/onside-major-league-soccer-mls-apple-
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.0000000001607000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.leafletjs.com
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.linkedin.com/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.marthastewart.com/fruits-you-can-grow-indoors-11683293?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.marthastewart.com/thmb/XC3qi-yoybOUiTqJzhLUAbG6a9E=/1500x0/filters:no_upscale():max_byte
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mentalfloss.com/best-millennial-movies?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.motherjones.com/politics/2025/02/education-civil-rights-monitor-fired-doge/?utm_source=f
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.motherjones.com/wp-content/uploads/2025/02/20250220_edu-civil-rights_2000.jpg?w=1200&h=6
Source: firefox.exe, 0000000D.00000003.3853916816.0000015F1C7DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/download/thanks/
Source: firefox.exe, 0000000D.00000003.3853916816.0000015F1C7DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/welcome/21/
Source: firefox.exe, 0000000D.00000003.3868273215.0000015F209D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4111312186.0000015F17C69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3998168609.0000015F21EFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3883881332.0000015F224A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3981903687.0000015F225FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3868273215.0000015F209BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3982909490.0000015F225E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3892527222.0000015F209BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#recommend-relevant-content
Source: firefox.exe, 0000000D.00000002.4111312186.0000015F17C69000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/D
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/products/vpn/?utm_medium=product&utm_campaign=evergreen&utm_source=firefox-d
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2771525361.00000000019C4000.00000008.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.myheritage.de/FP/Company/matches-for-partners-privacy-policy.php?partner=&lang=open_INET
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.nbcnews.com/news/us-news/greenpeace-says-pipeline-companys-lawsuit-threatens-organizatio
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.newyorker.com/sports/sporting-scene/team-canadas-revenge-served-ice-cold?utm_source=fire
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.npr.org/2025/02/21/nx-s1-5299982/quitting-your-job-ethics?utm_source=firefox-newtab-en-u
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712254166.0000015F22484000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.npr.org/2025/02/24/nx-s1-5304417/smartphone-break-digital-detox-screen-addiction?utm_sou
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.npr.org/2025/02/24/nx-s1-5305717/trump-layoffs-federal-workers-chaos?utm_source=firefox-
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.npr.org/sections/shots-health-news/2025/02/22/nx-s1-5305276/trump-nih-funding-freeze-med
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.nts.live/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.nytimes.com/2025/02/22/business/bonus-maternity-leave-work-advice.html?utm_source=firefo
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.0000000001607000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.openstreetmap.org/copyright
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.outsideonline.com/outdoor-adventure/hiking-and-backpacking/national-park-layoffs/?utm_so
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.pandora.com/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.polygon.com/gaming/525834/sports-games-madden-2k-how-to-have-fun-again?utm_source=firefo
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.popsci.com/environment/2025-world-nature-photographer-awards/?utm_source=firefox-newtab-
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.popsci.com/science/new-sunflower-species-wooly-devil/?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3712254166.0000015F22484000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.popsci.com/technology/lamborghinis-on-ice/?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.quora.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.radio.net/s/fip/
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.radioguide.fm/
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4390163658.0000015F1D0B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3836381576.0000015F21CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3851295663.0000015F1EBAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3846599624.0000015F211E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4229775560.0000015F18B6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000000D.00000003.3665654823.0000015F217EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.salidzini.lv/search.php
Source: firefox.exe, 0000000D.00000003.3665654823.0000015F217EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3673047065.0000015F217EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.salidzini.lv/search_suggest_opensearch.php
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.salon.com/2025/02/21/why-you-should-consider-freezing-your-credit-right-now/?utm_source=
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.self.com/story/bad-foot-habits?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.self.com/story/taking-a-break-in-a-relationship?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3711762922.0000015F22493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3997644203.0000015F222E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sfgate.com/food/article/costco-insider-expensive-items-20183169.php?utm_source=firefox-n
Source: firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.siriusxm.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.stackfield.com/de/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.texasmonthly.com/travel/big-bass-fishing-private-lakes-expensive/?utm_source=firefox-new
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.theguardian.com/science/2025/feb/22/technofossils-how-plastic-bags-and-chicken-bones-wil
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.thespruce.com/how-to-start-a-community-garden-8785605?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.thespruce.com/thmb/4Mb12YORXULoKqWO5v-5Xahj-7o=/2121x0/filters:no_upscale():max_bytes(15
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.tmssoftware.com/site/tmsfnccore.asp?s=faqU
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000001361000.00000020.00000001.01000000.00000003.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.000000000160F000.00000020.00000001.01000000.00000007.sdmp, Ahnenblatt4.exe, 00000002.00000000.2750365054.00000000014B4000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.tmssoftware.com/site/tmsfncmaps.asp?s=faqU
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tumblr.com/
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.vanityfair.com/style/story/fyre-festival-2-coming-back-tickets-billy-mcfarland?utm_sourc
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.vox.com/future-perfect/397282/anger-guilt-self-control-self-compassion-mindfulness-ethic
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.vox.com/politics/400923/doge-federal-workers-fired-noaa-weather-science-climate-trump?ut
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3709549914.0000015F224C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wired.com/story/a-jumping-lunar-robot-is-about-to-explore-a-pitch-black-moon-crater-for-
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3838178972.0000015F21B95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wired.com/story/ai-swaps-desk-work-for-the-factory-floor/?utm_source=firefox-newtab-en-u
Source: firefox.exe, 0000000D.00000003.3709262105.0000015F224CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wired.com/story/inside-the-telegram-groups-doxing-women-for-their-facebook-posts/?utm_so
Source: firefox.exe, 0000000D.00000002.4205629172.0000015F186C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3710953718.0000015F22604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wired.com/story/lenacapavir-usaid-hiv-aids-funding-cuts/?utm_source=firefox-newtab-en-us
Source: firefox.exe, 0000000D.00000002.4308600882.0000015F1A5A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3836381576.0000015F21CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.4229775560.0000015F18B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zoho.com/calendar/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zoho.com/mail/
Source: firefox.exe, 0000000D.00000003.3903139833.0000015F21D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903966397.0000015F21D61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3903534071.0000015F2246A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3904070767.0000015F22471000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3896346508.0000015F22463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.3985203022.0000015F22321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://zeeg.me/en/
Source: firefox.exe, 0000000D.00000003.3848639938.0000015F210D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://zh.US4.org/w/api.php

Source: unknown	Network traffic detected: HTTP traffic on port 52305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63782
Source: unknown	Network traffic detected: HTTP traffic on port 63785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52305
Source: unknown	Network traffic detected: HTTP traffic on port 52302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53794
Source: unknown	Network traffic detected: HTTP traffic on port 63775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54249
Source: unknown	Network traffic detected: HTTP traffic on port 53796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54250
Source: unknown	Network traffic detected: HTTP traffic on port 54251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54251
Source: unknown	Network traffic detected: HTTP traffic on port 63782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63776

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:63776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:63775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.24:63782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.24:52302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.24:52306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.24:52307 version: TLS 1.2

System Summary

Dropped file seen in connection with other malware

Source: Joe Sandbox View

Dropped File: C:\ProgramData\sqlservr\Ahnenblatt4.exe 8F4F53BC02348A549F3437444AACEC43EAE5F90875EA3C5EC96600BA1CB4A061

PE file contains executable resources (Code or Archives)

Source: msgpk.3.dr

Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386, for MS Windows

Sample file is different than original file name gathered from version info

Source: Ahnenblatt4.exe, 00000001.00000002.2802519883.000000006D3F9000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenameBorlndmm.Dll. vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000000961000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: IDv2_ORIGINALFILENAME vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000001.00000000.2716334683.0000000000961000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameT vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000001.00000000.2723557516.0000000002046000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: @Mp3fileutils@TID3v2Tag@GetOriginalFilename$qqrv vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000001.00000000.2723557516.0000000002046000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: @Mp3fileutils@TID3v2Tag@SetOriginalFilename$qqr20System@UnicodeString vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000001.00000002.2783876022.000000000D610000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamezip.exe( vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: LoadFileHEADHEADNoGedcomFileFileName: FilePath: GedcomDateGedcomDateSeparatorGedcomDateGedcomShortDateFormatSOURVERSNAMESourceProgram: _ORGSOURAHN4.20Ahnenblatt + ... VERS + ... NAME + ... DATECreationDate: FILEOriginalFileName: CHARASCIIDOSMSDOSMS-DOSIBMPCIBM DOSANSIWINDOWSIBM WINDOWSANSELUTF-8UTF8MACINTOSHMACUNICODEVERS / MAC_NAVM_NAVI_HOME_HME_COLISUBMGEDCVERSCharacterCoding: NoCharacterCodingFoundGENPROFIANSIASCII5.6.gdfGedcomFileWithoutVersion vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000001.00000000.2722496908.0000000001CA9000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: sen - vor Geschwister erzeugenGedcomPlacLocConversion - vor GEDLocLinks ()_LOCMAPMAP.LATIMAP.LATIMAP.LATIMAP.LONGMAP.LONGMAP.LONG - nach GEDLocLinks - vor INDI AddUnderFAMPLAC - nach INDI AddUnder - vor FAM AddUnderPLACGEN_PLUSPCAHNENAhnenforscherAhnen-ChronikPRO-GENGENprofi - StammbaumStammbaumGP_96_STDGFAHNENAdamRS-AHNENAGESwebtreesMYHERITAGEEasyTreeGENPROFIGEN_PLUSREPOSUBMSOURFAMFAMC_TXTPCAHNENFILESOURAhnen-ChronikNOTEOBJEGENprofi - StammbaumStammbaumSOURSUBMAdamSOURGP_96_STDSUBMwebtreesOBJESOURREPONOTENOTEAGES_TASKSOUROBJEMYHERITAGESUBMSOURREPOEasyTreeSOURNOTEGEN_PLUSGen_PlusPCAHNENPC-AhnenAhnenforscherAhnenforscherAhnen-ChronikAhnen-ChronikPRO-GENPro-GenGENprofi - StammbaumStammbaumGENprofi-StammbaumGP_96_STDGENprofiGFAHNENGFAhnenAdamAdamRS-AHNENRS-AhnenAGESAges!webtreeswebtreesMYHERITAGEMyHeritageEasyTreeEasyTree/Mein StammbaumGENPROFIGENprofi (Gesamtexport im erweiterten GEDCOM-Format)OptimizedGedcomImportGeneralGedcomOptimizationsCorrectionsMade - nach FAM AddUnderNumberOfPersons: PrematureEOFPrematureEOFSomePersonsLoadedUseThemAnywayXInternetFilesDownloadNowDownloadFilesXofYFilesDownloaded - vor GEDCOM-Report - nach GEDCOM-Report - vor GEDCOM-InfoOriginalFileName: vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000001.00000002.2789531694.000000000D8FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000002.00000000.2750365054.0000000000A11000.00000020.00000001.01000000.00000007.sdmp	Binary or memory string: IDv2_ORIGINALFILENAME vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000002.00000000.2771525361.0000000001961000.00000008.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFileName vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000002.00000000.2771525361.0000000001961000.00000008.00000001.01000000.00000007.sdmp	Binary or memory string: LoadFileHEADHEADNoGedcomFileFileName: FilePath: GedcomDateGedcomDateSeparatorGedcomDateGedcomShortDateFormatSOURVERSNAMESourceProgram: _ORGSOURAHN4.20Ahnenblatt + ... VERS + ... NAME + ... DATECreationDate: FILEOriginalFileName: CHARASCIIDOSMSDOSMS-DOSIBMPCIBM DOSANSIWINDOWSIBM WINDOWSANSELUTF-8UTF8MACINTOSHMACUNICODEVERS / MAC_NAVM_NAVI_HOME_HME_COLISUBMGEDCVERSCharacterCoding: NoCharacterCodingFoundGENPROFIANSIASCII5.6.gdfGedcomFileWithoutVersion vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000002.00000000.2750365054.0000000000A42000.00000020.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenameT vs Ahnenblatt4.exe
Source: Ahnenblatt4.exe, 00000002.00000002.2792207291.000000000D186000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Ahnenblatt4.exe

Uses 32bit PE files

Source: Ahnenblatt4.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal57.spyw.expl.evad.winEXE@26/25@61/10

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1316:120:WilError_03

Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe

File created: C:\Users\user\AppData\Local\Temp\49fa8b98

Jump to behavior

Source: C:\Windows\SysWOW64\more.com	Process created: C:\Windows\SysWOW64\explorer.exe
Source: C:\Windows\SysWOW64\more.com	Process created: C:\Windows\SysWOW64\explorer.exe			Jump to behavior

Source: Ahnenblatt4.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Ahnenblatt4.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: firefox.exe, 0000000D.00000002.4378583788.0000015F1CE5E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT count(*) AS count FROM moz_places@mozilla.org/toolkit/finalizationwitness;1places.frecency.origins.alternative.daysCutOff alternative origins frecency values#recalculateSomePagesAlternativeFrecenciesresource://gre/modules/PlacesExpiration.sys.mjs@mozilla.org/browser/nav-bookmarks-service;1
Source: firefox.exe, 0000000D.00000003.3848639938.0000015F21057000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE moz_places SET foreign_count = foreign_count + 1 WHERE id = NEW.place_id;

Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: borlndmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: avifil32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: cc32290mt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: pla.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: borlndmm.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: avifil32.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: cc32290mt.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: pla.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: aepic.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Section loaded: shdocvw.dll	Jump to behavior

Source: C:\Windows\SysWOW64\more.com

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Checks if Microsoft Office is installed

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office

Jump to behavior

PE / OLE file has a valid certificate

Source: Ahnenblatt4.exe

Static PE information: certificate valid

PE file exports many functions

Source: Ahnenblatt4.exe

Static PE information: More than 422 > 100 exports found

PE file has a big code size

Source: Ahnenblatt4.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Submission file is bigger than most known malware samples

Source: Ahnenblatt4.exe

Static file information: File size 28962896 > 1048576

PE file has a big raw section

Source: Ahnenblatt4.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1347200
Source: Ahnenblatt4.exe	Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1b8600
Source: Ahnenblatt4.exe	Static PE information: Raw size of .edata is bigger than: 0x100000 < 0x10ec00
Source: Ahnenblatt4.exe	Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x427400
Source: Ahnenblatt4.exe	Static PE information: Raw size of .reloc is bigger than: 0x100000 < 0x159600

PE file imports many functions

Source: Ahnenblatt4.exe

Static PE information: More than 200 imports for USER32.DLL

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: Ahnenblatt4.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT

Binary contains paths to debug symbols

Source:	Binary string: D:\a\_work\e\src\out\Release\WebView2Loader.dll.pdb source: more.com, 00000003.00000002.2859762402.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2854698218.0000000002EF0000.00000002.00000001.01000000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: Ahnenblatt4.exe, 00000001.00000002.2789531694.000000000D7D3000.00000004.00000020.00020000.00000000.sdmp, Ahnenblatt4.exe, 00000002.00000002.2792207291.000000000D070000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Ahnenblatt4.exe, 00000001.00000002.2789531694.000000000D7D3000.00000004.00000020.00020000.00000000.sdmp, Ahnenblatt4.exe, 00000002.00000002.2792207291.000000000D070000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\source\VIEW\Release\WebView2GettingStarted.pdb source: more.com, 00000003.00000002.2859762402.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2853800438.0000000002EC9000.00000002.00000001.01000000.00000000.sdmp

Data Obfuscation

PE file contains an invalid checksum

Source: cc32290mt.dll.1.dr	Static PE information: real checksum: 0x10a06b should be: 0x109b3d
Source: msgpk.3.dr	Static PE information: real checksum: 0x0 should be: 0x15002a

PE file contains sections with non-standard names

Source: Ahnenblatt4.exe	Static PE information: section name: .didata
Source: Ahnenblatt4.exe.1.dr	Static PE information: section name: .didata
Source: borlndmm.dll.1.dr	Static PE information: section name: .didata
Source: msgpk.3.dr	Static PE information: section name: dgl

Persistence and Installation Behavior

Drops PE files

Source: C:\Windows\SysWOW64\more.com	File created: C:\Users\user\AppData\Local\Temp\msgpk	Jump to dropped file
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	File created: C:\ProgramData\sqlservr\borlndmm.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	File created: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	File created: C:\ProgramData\sqlservr\cc32290mt.dll	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Users\user\Desktop\Ahnenblatt4.exe	File created: C:\ProgramData\sqlservr\borlndmm.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	File created: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	File created: C:\ProgramData\sqlservr\cc32290mt.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Windows\SysWOW64\more.com

File created: C:\Users\user\AppData\Local\Temp\msgpk

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Found hidden mapped module (file has been removed from disk)

Source: C:\Windows\SysWOW64\more.com

Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\MSGPK

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\Ahnenblatt4.exe	API/Special instruction interceptor: Address: 6CF37C44
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	API/Special instruction interceptor: Address: 6CF37C44
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	API/Special instruction interceptor: Address: 6CF37945
Source: C:\Windows\SysWOW64\more.com	API/Special instruction interceptor: Address: 6CF33B54
Source: C:\Windows\SysWOW64\explorer.exe	API/Special instruction interceptor: Address: 2988B7

Found dropped PE file which has not been started or loaded

Source: C:\Windows\SysWOW64\more.com

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\msgpk

Jump to dropped file

Source: more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: noreply@vmware.com0
Source: more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: http://www.vmware.com/0
Source: more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.1!0
Source: firefox.exe, 0000000D.00000002.4078286091.0000015F128E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWo
Source: more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: http://www.vmware.com/0/
Source: more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.1
Source: more.com, 00000003.00000002.2853450356.00000000050C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.0
Source: firefox.exe, 0000000D.00000002.4125006961.0000015F17D6E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445

Source: C:\Users\user\Desktop\Ahnenblatt4.exe

Process information queried: ProcessInformation

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	NtQuerySystemInformation: Direct from: 0x77CCE6E1			Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	NtSetInformationThread: Direct from: 0x6CD7825E			Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\SysWOW64\more.com	Memory written: PID: 6148 base: 295F60 value: 55			Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Memory written: PID: 6148 base: 2E10000 value: 00			Jump to behavior

Maps a DLL or memory area into another process

Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe

Section loaded: NULL target: C:\Windows\SysWOW64\more.com protection: read write

Jump to behavior

Writes to foreign memory regions

Source: C:\Windows\SysWOW64\more.com	Memory written: C:\Windows\SysWOW64\explorer.exe base: 295F60			Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Memory written: C:\Windows\SysWOW64\explorer.exe base: 2E10000			Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com			Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe			Jump to behavior

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: more.com, 00000003.00000002.2859762402.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: more.com, 00000003.00000002.2859762402.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: request failreceive errorcode: error codeheaders fail: except http: &IDF=([^&\s]).jsSatoshiCOMPUTERNAME&Machine=&tag=Direct/Notify/Login.phpchrome.exemsedge.exebrave.exeMetamask_2TronLinkTronLink_2Crypto.comPhantomMartian_WalletRonin_WalletRonin_Wallet_2Sui_WalletTon_KeeperExodus_Web3Coinbase_ExtensionArgent_XArgent_X_2Rabby_WalletOKX_WalletOKX_Wallet_2KaswareBNB_Chain_Wallet_Edge__Brave__Chrome_\Exodus\exodus.walletLedger_Live\atomic\Local Storage\leveldb\Guarda\Local Storage\leveldb\Electrum\wallets\WalletWasabi\Client\Wallets\Coinomi\Coinomi\wallets\Coinomi\walletsCoinomi2arc.zip/Upload.phpREQWarc.zip' -ArgumentList '/silent','/install' -Wait"powershell.exe -Command "Start-Process 'err reg: reg okusb connectednocancelapp closedExodus.exeLedger Live.exeTrezor Suite.exeGuarda.exeAtomic Wallet.exeBitBox.exeCoinomi.exemonero-wallet-gui.exewassabee.exeDaedalus Mainnet.exeErrorFailed to create windowActiveOpenedAtomic WalletDaedalus MainnetCreate/Restore walletC:\TempEXODUSSy4kaBlyaWindows--disable-features=msSmartScreenProtectionFailed to create WebView2 controller!Themes/TrezorWeb?code=oPYo4hxVN4n2tNz6cH7EA873247230472309BCDEFGHIJKLMNOPQRSTUVWXYZFailed to initialize WebView2 environment!Windows Desktop Guided TourCall to RegisterClassEx failed!Call to CreateWindow failed!/\https://([^/\s]+)Failed to get ProgramData path!https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/1b33f4e1-227e-4265-b9e9-3751aeeb2efe/MicrosoftEdgeWebview2Setup.exe\MicrosoftEdgeWebview2Setup.exeWebView2 Runtime not found. Downloading and installing...Failed to download WebView2 installer!2310011804025d5b1400515219575a5b58130b1e0510410b5d556f58584c4e295e534b4a050e0c534803010f0770030900535e5779Kduhw8rtgt43t4565fewqioh28@(#(@268e289ey2860H283dho<div\s+class="commentthread_comment_text"[^>]>\s(.?)\s</div>[A-Fa-f0-9]{1,64}\Directapi.zile42o.devuser32.dllSetProcessDPIAware}""id":"","screenshot":"{nopeContent-Type: application/json
Source: more.com, 00000003.00000002.2859762402.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet
Source: more.com, 00000003.00000002.2859762402.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: Exodus
Source: more.com, 00000003.00000002.2859762402.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets
Source: firefox.exe, 0000000D.00000002.4215468323.0000015F188A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: resource://gre/modules/OSKeyStore.sys.mjs

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	311 Process Injection	11 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	11 DLL Side-Loading	1 Scheduled Task/Job	311 Process Injection	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Abuse Elevation Control Mechanism	1 Abuse Elevation Control Mechanism	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	11 DLL Side-Loading	11 DLL Side-Loading	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Extra Window Memory Injection	1 Extra Window Memory Injection	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
Ahnenblatt4.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Exploits

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Source: unknown	Process created: C:\Users\user\Desktop\Ahnenblatt4.exe "C:\Users\user\Desktop\Ahnenblatt4.exe"
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Process created: C:\ProgramData\sqlservr\Ahnenblatt4.exe C:\ProgramData\sqlservr\Ahnenblatt4.exe
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com
Source: C:\Windows\SysWOW64\more.com	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\more.com	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
Source: unknown	Process created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\cavorilievo.csv"
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20241121140525 -prefsHandle 1984 -prefsLen 31209 -prefMapHandle 1988 -prefMapSize 281498 -ipcHandle 2044 -initialChannelId {ce6cd488-dbfe-43d7-98e2-50c7224cf5bd} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20241121140525 -prefsHandle 2304 -prefsLen 31209 -prefMapHandle 2308 -prefMapSize 281498 -ipcHandle 2328 -initialChannelId {422e0cbf-83b3-4156-9bed-dee1415a5eb7} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2888 -prefsLen 27948 -prefMapHandle 2892 -prefMapSize 281498 -jsInitHandle 2896 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 2904 -initialChannelId {69581eab-c429-4853-9b62-a150a3888a0e} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3176 -prefsLen 28062 -prefMapHandle 3448 -prefMapSize 281498 -jsInitHandle 3572 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 2852 -initialChannelId {d8f89c32-3584-4d80-91a1-391987dfe018} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 tab
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3456 -prefsLen 31476 -prefMapHandle 3568 -prefMapSize 281498 -jsInitHandle 3472 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 3496 -initialChannelId {1aac090d-d631-4527-9658-7c6a53b7c51d} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20241121140525 -prefsHandle 3472 -prefsLen 31476 -prefMapHandle 3568 -prefMapSize 281498 -ipcHandle 4392 -initialChannelId {cd6978bb-2bfc-4b72-99b9-3e7e3974bb07} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5088 -prefsLen 38582 -prefMapHandle 5092 -prefMapSize 281498 -jsInitHandle 5096 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 3820 -initialChannelId {655631be-541d-4979-a737-2766a9a321fe} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
Source: C:\Users\user\Desktop\Ahnenblatt4.exe	Process created: C:\ProgramData\sqlservr\Ahnenblatt4.exe C:\ProgramData\sqlservr\Ahnenblatt4.exe	Jump to behavior
Source: C:\ProgramData\sqlservr\Ahnenblatt4.exe	Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com	Jump to behavior
Source: C:\Windows\SysWOW64\more.com	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20241121140525 -prefsHandle 1984 -prefsLen 31209 -prefMapHandle 1988 -prefMapSize 281498 -ipcHandle 2044 -initialChannelId {ce6cd488-dbfe-43d7-98e2-50c7224cf5bd} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20241121140525 -prefsHandle 2304 -prefsLen 31209 -prefMapHandle 2308 -prefMapSize 281498 -ipcHandle 2328 -initialChannelId {422e0cbf-83b3-4156-9bed-dee1415a5eb7} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2888 -prefsLen 27948 -prefMapHandle 2892 -prefMapSize 281498 -jsInitHandle 2896 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 2904 -initialChannelId {69581eab-c429-4853-9b62-a150a3888a0e} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3176 -prefsLen 28062 -prefMapHandle 3448 -prefMapSize 281498 -jsInitHandle 3572 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 2852 -initialChannelId {d8f89c32-3584-4d80-91a1-391987dfe018} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 tab	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3456 -prefsLen 31476 -prefMapHandle 3568 -prefMapSize 281498 -jsInitHandle 3472 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 3496 -initialChannelId {1aac090d-d631-4527-9658-7c6a53b7c51d} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20241121140525 -prefsHandle 3472 -prefsLen 31476 -prefMapHandle 3568 -prefMapSize 281498 -ipcHandle 4392 -initialChannelId {cd6978bb-2bfc-4b72-99b9-3e7e3974bb07} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 rdd	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5088 -prefsLen 38582 -prefMapHandle 5092 -prefMapSize 281498 -jsInitHandle 5096 -jsInitLen 234660 -parentBuildID 20241121140525 -ipcHandle 3820 -initialChannelId {655631be-541d-4979-a737-2766a9a321fe} -parentPid 3940 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3940" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab	Jump to behavior

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Ahnenblatt4.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Exploits

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
Ahnenblatt4.exe